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UNDERSTANDING AND 
SUPPORTING WINDOWS NT 
WORKSTATION 


In this chapter, you will learn: 


About the Windows NT environment and its architecture 

About the strengths and weaknesses of Windows NT 

How to evaluate when Windows NT is the best choice for a PC OS 
How to install and customize Windows NT 


+ + +o o > 


How to set up a Windows NT environment for a DOS or Windows 3.x 
application 
+ How to use some Windows NT troubleshooting techniques and tools 


his chapter provides an introduction to Windows NT Workstation (the NT 

stands for new technology), including basic architecture, installation, mainte- 
nance, and troubleshooting. There are two versions of Windows NT: Windows 
NT Workstation and Windows NT Server. You can use Windows NT 
Workstation on a standalone PC or as the operating system on a workstation 
connected to a network. Windows NT Server, which is not covered in this book, 
can do the same, as well as provide a domain environment on a network. (A 
domain is a group of computers joined together over a network that share a 
common database used to control security to each PC on the network.) There 
have been several upgrades of Windows NT; the last is Version 4, which is the 
subject of this chapter. The next upgrade of Windows NT is Windows 2000, 
which is the subject of the next chapter although many of the concepts, processes, 
and tools introduced in this chapter also apply to Windows 2000. 


Windows NT Workstation and Windows NT Server are architecturally built more 
like the UNIX OS than like other Windows operating systems, such as DOS with 
Windows 3.x and Windows 9x. Windows NT is designed with a strong emphasis 
on room for expandability, primarily accomplished by its modular approach to 
dealing with applications and hardware. Windows NT is also intended to port to 
several non-Intel-based platforms, provide a high level of security, performance, 
and reliability, and offer strong networking features. 
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Assuming that you are familiar with Windows 9x, this chapter often compares Windows NT 
Workstation to Windows 9x so that you can contrast them and make informed decisions 
about which best suits your needs. However, comparisons of some features are difficult to 
make because the two operating systems are fundamentally different. It would be much eas- 
ier to compare Windows NT to UNIX, particularly when talking about performance, reli- 
ability, and networking features. Traditionally, UNIX has not been a viable option for a 
personal computer operating system, although this is changing somewhat with the growing 
popularity of Linux. This chapter only compares Windows NT to Windows 9x. 
Furthermore, to fully appreciate the strengths of Windows NT, you need to go beyond the 
scope of this chapter to studying networking in detail. 


Winpows NT vs. WiINDows 9x 


Table 13-1 summarizes how some important Windows NT and Windows 9x features (which 
will be discussed in this chapter) compare. Remember the following two important points: 
First, if Windows NT is installed on a PC that is not as powerful as the type of computer it was 
designed to run on, Windows NT does not perform as well as Windows 9x would on that PC. 
However, on a powerful workstation PC with a configuration recommended for Windows NT, 
Windows NT usually performs faster and better than Windows 9x.The second important point 
is that Windows NT is not another evolution of DOS, Windows 3.x, and Windows 9x. In fact, 
the opposite is true. Windows NT was developed before Windows 95. Windows 9x and its 
upgrade, Windows 98, were built as a bridge between the old (DOS with Windows 3.x) and 
the new (Windows NT). The rest of this section highlights and expands on several of the 
differences between Windows NT and Windows 9x. While Windows 9x and Windows NT 
Workstation differ dramatically in underlying architecture and structure, they share many 
features, including a similar user interface, some of the same utilities (such as Internet Explorer 
and Microsoft Messaging), and other features (such as system policies, user profiles, and hard- 
ware profiles). Windows NT Workstation offers higher performance, reliability, and security 
than does Windows 9x. On the other hand, Windows 9x has less demanding hardware require- 
ments, offers broad application and device compatibility, and works well on notebook PCs 
because of better power management features and Plug and Play capability. 


The key to appreciating the advantage of Windows NT over Windows 9x is in the platforms 
and settings that Windows NT targets. Windows NT is designed to satisfy the needs of pow- 
erful workstations networked in a corporate environment. Windows 9x, however, is used on 
low-end PCs dominating the home market, where multimedia applications software and ease 
of installation are more of an issue than network security and high-end performance. 


One major difference between Windows 9x and Windows NT is that Windows NTT is a full 
32-bit operating system, operating in protected mode as soon as it receives control from 
BIOS. Recall that Windows 9x begins the boot process in real mode and loads some real- 
mode components before shifting to protected mode. Windows 9x supports real-mode 
device drivers; Windows NT does not allow them. Windows 9x uses virtual device drivers 
(VxDs) that often interact directly with hardware. Windows NT does not allow them, but 
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uses a more layered approach. It does use virtual device drivers, which it calls VDDs, but they 
are allowed to work only within their virtual machine and must depend on Windows NT 
device drivers to communicate with the device itself. Table 13-1 lists major differences 
between Windows NT and Windows 9x. 


Table 13-1 
Feature 


Hardware 
requirements 


Comparing Windows NT to Windows 9x 


Windows 9x 


Low, requiring a 486 PC with 
8-16 MB of RAM 


Windows NT 


High, requiring a Pentium with 
16-32 MB RAM 


Hardware 
compatibility 


Supports most legacy devices 


Supports most current devices, but 
does not claim backward compatibility 
with legacy devices 


Software 
compatibility 


Fully backward-compatible 
with older DOS and 
Windows 3.x applications 


No support for any application 
that attempts to access 
hardware directly 


Installation 


Offers Plug and Play capability 


Does not offer Plug and Play and 
offers less device driver support 


Power management 


Built-in power management 
for laptops 


None 


Performance 


Reliability and 
stability 


Security 


Offers multitasking for 32-bit 
and 16-bit applications 


Much better than Windows 3.x 


Allows violation of the logon 
process controlled from a server 


Features of Windows NT 
Ar os| Windows NT Workstation includes the following features: 


1.1 


Also offers preemptive multi- 
tasking for 32-bit applications and 
cooperative multitasking for 16-bit 
applications. Has significantly better 
performance on systems with at 
least 32 MB of RAM 


Very high reliability and stability; 
all applications run in protected 
memory space 


Very high security down to the 
file level 


a Desktop performance. Supports a powerful multitasking environment and 
multiple microprocessors for true multitasking 


a Hardware profiles. Can maintain separate hardware profiles for different hard- 
ware configurations on the same PC 


a Internet Explorer. Provides a built-in web browser (Internet Explorer) 


m Peer Web services. Provides a personal web server 


a Security. Provides security for individual files, folders, and other resources. User 
access to a PC’s resources can be controlled by user IDs and passwords on the 
standalone PC or managed from a network controller. 
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a OS Stability. Uses protective processing, which prevents applications from caus- 
ing errors in other applications or in Windows NT itself 


Many of these same features, including Internet Explorer, hardware profiles, and user access, 
are available from Windows 9x as well. Windows 9x allows you to use more hardware devices 
than does Windows NT, has a simpler installation process, and supports power management 
features better than does Windows NT: Windows 9x supports Plug and Play technology, but 
Windows NT does not. Windows NT has higher performance, including faster speed on 
high-end PCs, higher reliability, and better security than does Windows 9x. The minimum 
hardware requirements for Windows NT on an IBM-compatible PC are listed below. 
However, even though Windows NT does run on this minimum hardware configuration, 
remember that you need a powerful high-end PC to experience the full benefits of 
Windows NT. 


a Pentium-compatible processor or higher 
a 16 MB of RAM (32 MB is recommended) 
m 110 MB of hard disk space 


While the minimum requirements listed above reference IBM-compatible machines, 
Windows NT can run on other computers as well, providing the same interface and func- 
tionality. The main difference between Windows NT running on an IBM-compatible CPU 
and Windows NT on other computers is in the layer (which is a part of Windows NT) 
between the OS and the hardware, called the hardware abstraction layer or HAL. The 
hardware platforms supported by Windows NT are listed below. This chapter focuses only 
on the Intel-based CPUs of IBM-compatible machines. 


m Intel x86-based (486 or higher) processor 

m MIPS R4x00-based processor 

a Alpha AXP-based processor 

a PReP-compliant PowerPC-based processor 


The Windows NT CD-ROM contains three installation directories to choose from, one 
for each of these types of processors. Each directory contains a different version of HAL 
(sometimes referred to as the core of the OS). HAL is discussed at greater length later in 
this chapter. 


Hardware Supported by Windows NT. Many hardware device models are not supported by 
Windows NT. For this reason, before you decide to upgrade a PC to Windows NT, first 
determine if all components on your PC will work under Windows NT. For instance, you 
might have to replace a network card, modem, video card, etc., before Windows NT works. 
To determine if a hardware component is supported by Windows NT, see the hardware 
compatibility list (HCL) for Windows NT that comes with the software.The most recent 
copy is available on the Microsoft Web site at www. microsoft.com/hcl. On the list, which you 
can search by hardware category and/or company name, are all hardware devices supported 
by Windows 98, Windows NT, and Windows 2000. For instance, Figure 13-1 shows the par- 
tial results of a search for modems compatible with Windows NT 4.0. Ifa device is not on 
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the list, ask the manufacturer if there is a driver specifically for Windows NT (not just 
Windows 9x). If no driver exists, this device will not work under Windows NT. 


Z Windows Hardware Compatibility List - MindSpring Internet Explorer 

| Eile Edit View Favorites Tools Help 
e.» . 08 4/09 a 3l 3 M., 
Back Forward Stop  Rehesh Home | Seach Favorites History Mail Print Edt Messenger 

| Address [27 http:/www.microsoft. com/hel/default asp 


ST Hardware Compatibility List 


Click on rows below for details, See the legend for information on what the icons represent. 
If the operating system you are looking for is not here, see device listings for older operating systems. 


Search for |All Products in |Video Capture/TV Tuner ps (£0) i 


Windows Windows Windows 
Type Company Name Product Name Windows 98 Me NT 40 2000 


Video 

Capture/TY ebb senn Dell Desktop TY [PCT] 
Tuner À 

Desktop TV [AGP] S 
Video 7 

Capture/TY DEORE Desktop TV [PCI] 
Tuner A 


Video : 
Capture/TV ATI WDM Video Capture For AIW © 


Video 
Dai Dfa Interactive 
Tuner i 


ne (AtiBt829) [PCT] B7 
Video > 
WDM Video Capture For AIW Pr © 
Faery Ce (AtiBte29Pro) [PCI / AGP ] ee 
idee. ATI Technologies, 
Capturerrv an All-In-Wonder 128 [AGP] | 


Last Updated on Monday, July 17, 2000 
2000 Microsoft Corporation. All rights reserved, Term: 


Done, but with errors on page. 


Figure 13-1 Some video capture cards compatible with Windows NT from the HCL 


The Windows NT Desktop. Beginning with Windows NT 4.0, the Windows NT desktop 
took on a similar look and feel to Windows 9x. Figure 13-2 shows the Windows NT desk- 
top with the Start menu and Control Panel showing, both of which work just as they do in 
Windows 9x, although some Control Panel icons are different. Shortcuts are created the 
same way as in Windows 9x, and the taskbar works in the same way, too. 13 
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Figure 13-2 The Windows NT desktop is similar to that of Windows 9x 
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+0S| The Windows NT Command Prompt. Another similarity between Windows NT and 
1.1 Windows 9x is the command prompt that allows the user to enter DOS-like commands. 
To access the command prompt, click Start, Programs, and Command Prompt (as in 
Figure 13-2). The Command Prompt window opens, as in Figure 13-3. From the com- 
mand prompt, you can enter DOS commands. In Windows 9x, the DOS prompt is actu- 
ally accessing a version of DOS (Windows 9x uses COMMAND.COM at startup). 
Windows NT, however, provides a DOS command interface primarily as a convenience 
for those wanting to use familiar DOS commands. There are no DOS programs underlying 

and running under Windows NT. 


Wi Command Prompt |. {OF x] 
Microsoft¢R> Windows NI<CTM> a 
<C> Copyright 1985-1996 Microsoft Corp. 

D:\>ver 


Windows NT Version 4.0 

D:\>dir 

Volume in drive D has no label. 
Volume Serial Number is 4634-6C?F 


Directory of D:N 


69/18/97 64:82p <DIR> WINNT 
69/18/97 G4:88p <DIR> Program Files 
69/18/97 G4:37p <DIR> TEM 
097/18/97 04:5ip <DIR> COLLWIN 
16/24/97 11:33a <DIR> NUTSBOLT 
11/14/97 G@8:58p 45,088,768 pagefile.sys 

6 File<s> 45,088,768 bytes 

261,087,232 bytes free 

DiN) m z 
4 H 2 


Figure 13-3 The Windows NT command prompt uses DOS-like commands 


As a side note, notice in Figure 13-2 that the Control Panel for Windows NT contains an 
icon, MSDOS, which is labeled Console. Double-click the Console icon to change the prop- 
erties of the DOS command window. The Console Windows Properties dialog box 
appears, which allows you to customize the Command Prompt window (see Figure 13-4). 


If you prefer to use the familiar command prompt often, you can create a shortcut to it by 
dragging this icon to the desktop. 


Choosing Between Windows 9x and Windows NT 
When choosing between using Windows 98 or Windows NT as your PC OS, consider the 
following: 
a Does Windows NT support all the hardware devices on your PC? (Check the 
hardware compatibility list.) 


m Is the PC powerful and big enough to support Windows NT? (See the hardware 
requirements listed earlier in the chapter, and then allow extra resources for your 
applications.) 
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Figure 13-4 Customizing the properties of the Command Prompt window 


m Will the software you intend to use on the PC work better under Windows 98 or 
Windows NT? Running older DOS and Windows 16-bit applications might be a 
problem in a Windows NT environment. Verify that your current, older software 
works under Windows NT, or plan to replace the current software with 32-bit 
versions. Be aware, however, that some 32-bit programs written for Windows 9x 
might not work under Windows NT because of differences in the API calls to the 
operating system. (An API is an application program interface, which is a method 
by which one program calls another program to perform a task.) 


m Is price a factor? Windows NT costs more than Windows 98. 


Upgrading from Windows 9x to Windows NT 


At os| Because Windows NT differs so fundamentally from Windows 9x, there is no automatic 
2.2 upgrade path from Windows 9x to Windows NT. When you change a PC from Windows 9x 
to Windows NT, you can install Windows NT in a different folder. No system settings in 
Windows 9x will be transferred to Windows NT. After Windows NT is installed, you must 
reinstall each application on the PC under Windows NT. Windows NT can be present as the 
only OS on a PC, or it can be installed on the same PC as Windows 9x. (How to set up this 

“dual boot” is discussed later in this chapter.) 


Registries 


The main reason Windows 9x cannot be easily upgraded to Windows NT is that their 
Registries are not compatible, which makes it difficult to transfer information from one to the 
other. (Remember that a Registry is a database containing all configuration information for 
the OS.) You do not have this problem when upgrading from Windows 3.x to Windows NT 
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because Windows NT can read the .ini files in Windows 3.x and transfer that information to 
the Windows NT Registry. Again, realize that Windows NT is not the next stepping stone 
beyond Windows 98, but a new road altogether. 


A Choice of File Systems 


Windows NT can work with two types of file systems: the FAT 16 file system, which is used by 
Windows 9x and its predecessors, and the Windows NT file system (NTFS), which works only 
with Windows NT. Windows NT does not support FAT32. (Recall that FAT32 was introduced 
by Windows 95 OSR2 and uses 32 bits for each FAT entry.) Windows NT also does not sup- 
port the High Performance File System (HPFS) used by OS/2. If a hard drive is using HPFS, 
use the Windows NT convert.exe utility to convert an HPFS partition to an NTFS partition. 


software packages to manage the interface, making it possible for Windows NT to read 


Even though Windows NT 4.0 does not support FAT32, you can use third-party utility 
from and write to FAT32. 


A file system is the method used by an OS to manage the data on a drive. The FAT 16 file 
system is backward-compatible with DOS and Windows 9x and uses less overhead than 
NTFS. The NTFS file system, on the other hand, is more fail-safe, provides more security, 
and is more efficient with large hard drives. Below, you see how these two file systems are 
built and then explore what to consider when choosing between the two. 


The FAT16 file system uses four components to manage data on a logical drive: the boot 
record, the FAT, directories, and data files. In contrast, the NTFS file system uses a database 
called the master file table (MFT) as its core component. The MFT tracks the contents of a 
logical drive using one or more rows in the table for each file or directory on the drive. As 
shown in Figure 13-5, the MFT contains in one record, or row, information about each file, 
including header information (abbreviated H in Microsoft documentation), standard infor- 
mation (SI) about the file (including date and time), filename (FN), security information 
about the file called the security descriptor (SD), and data about the location of the file. 
Entries in the MFT are ordered alphabetically by filename to speed up a search for a file 
listed in the table. When a drive is formatted for NTFS, each cluster on the hard drive can 
range from 512 bytes on smaller disks to 4K on larger disks. Clusters are numbered sequen- 
tially by logical cluster numbers (LCN) from the beginning to the end of the disk. 


Referring again to Figure 13-5, notice that the data area in the MFT record is 2K for small 
hard drives, but can be larger for larger hard drives. For small files, if the data can fit into the 
2K area, the file, including its data, is fully contained within the MFT. For small files, all the 
cluster information for a file can fit into this one data area, including all the cluster numbers 
for the file. Each cluster number is stored in a 64-bit entry, compared to either 16 bits for 
FAT 16 or 32 bits for FAT32. 


If the file is moderately large and the data does not fit into the MFT, the data area in the MFT 
becomes an extended attribute (EA) of the file, which points to the location of the data. The 
data itself is moved outside the table to clusters called runs. The record in the MFT for this 
moderately large file contains pointers to these runs. Each data run, or cluster, assigned to the 
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AY OS file is assigned a 64-bit virtual cluster number (VCN). The MFT maps the VCNs for the file 
1-3 onto the LCNSs for the drive. This mapping is stored in the area of the MFT record that 
would have contained the data if the file had been small enough. 


Method 1 (for small files): data is in the MFT record. 


Header Standard Fil Security 
information |information | "Ename Data descriptor 
(H) (SI) (N (SD) 


Method 2 (for large files): data area is used to hold pointers to runs. 
These pointers are called virtual cluster numbers, or VCNs. 


Extended 
H SI FN attribute (EA) sD 
containing VCNs 


K Ù ` 
Runs | Data Data Data 


Method 3 (for very large files): data area is used to hold pointers 
to other MFT records. 


H SI FN EA SD 


cs 


Runs | Data Data | Data Data Data 


Modified MFT | H 


Figure 13-5 The Windows NT file system Master File Table uses three methods to store 
files, depending on the file size 


If the file is so large that the pointers to all the VCNs cannot be contained in one MFT 
record, then additional MFT records are used. The first MFT record is called the base file 
record and holds the location of the other MFT records for this file. 


Advantages of NTFS and FAT16 When choosing between the NTFS file system and the 
FAT16 file system, consider the advantages that NTFS offers over the FAT: 


a NTFS is a recoverable file system. NTFS retains copies of its critical file system 
data and automatically recovers a failed file system, using this information the first 
time the disk is accessed after a file system failure. 


a NTFS offers increased security over the FAT file system. Security is provided for 
each file, and auditing information about access to files is more complete. 


a NTFS supports mirroring drives, meaning that two copies of data can be kept on 
two different drives to protect against permanent data loss in case of a hard drive 
crash. This feature makes the NTFS an important alternative for file servers. 
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a NTFS uses smaller cluster sizes than does FAT 16, making more efficient use of 
hard drive space when small files are used. 

a NTFS supports large-volume drives. NTFS uses 64-bit cluster numbers, whereas 
FAT16 uses 16-bit cluster numbers. Because the number of bits assigned to hold 
each cluster number is so large, the cluster number itself can be a large number, 
and the table can accommodate very large drives with many clusters. NTFS is 
overall a more effective file system for drives over 1 GB and offers more robust 
drive compression, allowing compression of individual folders and files. 


If the file system for the active partition of a PC is FAT, you can boot from a DOS boot disk 
drk and bypass the Windows NT security logon. When you use NTFS, you cannot boot from 
a DOS boot disk. Use NTFS if you want a high level of security. You can still boot the PC 


from Windows NT boot disks, but the Windows NT logon is required. In fact, if the one 
administrator forgets his password to the OS, the only recourse is to reload the OS. 


The advantages of the FAT file system over NTFS include: 


m The FAT16 file system has less overhead than the NTFS file system and, there- 
fore, works best for hard drives that are less than 500 MB. 


a The FAT file system is compatible with other operating systems. If you plan to use 
either DOS or Windows 9x on the same hard drive as Windows NT, use the FAT 
file system so that DOS and Windows 9x can access files used by Windows NT. 


m In the event of a serious problem with Windows NT, if you are using FAT16 on 
the active partition of the drive, you can boot the PC from a disk, using DOS, 
and gain access to the drive. 


You can choose to have Windows NT use NTFS by directing it to convert the hard drive 
from FAT16 to NTFS or by having Windows NT partition a drive so that one partition of 
the drive uses the FAT format and the other uses the NTFS format. Windows NT allows 
you to format logical drives with either FAT16 or NTFS on the same extended partition. 


Hard Drive Partitions 


Windows NT assigns two different functions to its hard drive partitions (see Figure 13-6). 
The system partition, normally drive C, is the active partition of the hard drive. This is the 
partition that contains the boot record (often called the DOS boot record). Remember that 
startup BIOS and then the master boot program in the boot sector look to this boot record 
for the boot program as the first step in turning the PC over to an OS. The other partition, 
called the boot partition, is the partition where the Windows NT operating system is 
stored. The system partition and the boot partition can be the same partition, or they can be 
separate partitions. Both can be formatted with either the FAT16 or NTFS. However, only 
Windows NT can read files formatted with NTFS. If you want another OS to access this 
hard drive, you must use the FAT16 file system for the partition that another OS accesses. 


Recall that Windows 9x, using Fdisk, can create two partitions, a primary and extended par- 
tition. The primary partition contains drive C and the extended partition can contain sev- 
eral volumes or logical drives. Also recall that each FAT16 volume can be no larger than 2 
GB. Using Windows NT, you can have up to four partitions. The first partition is the pri- 
mary and can have only a single drive C. One of the other three partitions can be an 
extended partition, which means it can have several volumes or logical drives. Because of the 
way Windows NT uses the FAT, each FAT16 volume can be up to 4 GB. The third and 
fourth partitions in Windows NT can each have a single volume. 
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+05 System Partition 
1.3 (Active Partition) Boot Partition 


Startup BIOS 

looks here for 
the boot record 
(usually in C:). 


Windows NT OS 


is installed here. 
(usually \WINNT) 


Figure 13-6 Two types of hard drive partitions 


Don't be confused by the terminology here. It is really true that, according to Windows NT 

terminology, the Windows NT OS is on the boot partition, and the boot record is on the 
system partition, even though that might sound backward. The PC boots from the system 
partition and loads the Windows NT operating system from the boot partition. 


The Dual Boot 


+05!) Remember that Windows NT can coexist on the same PC with either Windows 9x or 

2.1 DOS.The ability to boot from either Windows NT or another OS, such as Windows 9x or 

DOS, is called a dual boot. In a dual boot arrangement, the system partition must be FAT 
rather than NTFS, so that the non-NT OS (Windows 9x or DOS) can read it. 


Windows NT cannot access a FAT32 drive without third-party software. If you are using 
Windows 98 with FAT32 and want to create a dual boot with Windows NT, you must 
first convert to FAT16 or use third-party software to manage the Windows NT and 
FAT32 interface. To convert from FAT32 to FAT16, use a utility such as Partition Magic. 


Windows NT resides on the boot partition, which can also be formatted for the FAT16 file 
system and can share the same partition with the other OS or reside on a second partition, 
such as drive D. You can format this second partition with either FAT or NTFS. If drive D 
is NTFS, Windows 9x cannot read any data stored on that drive. If drive D is a FAT16 par- 
tition, either OS can read data from either drive. 


After both operating systems are installed, a startup menu appears, asking which OS to boot 
(similar to the menu provided when Windows 9x and DOS are on the same PC).The dis- 
advantage of a dual boot is that applications software cannot be easily shared between the 
two OSs. 
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THE WINDOWS NT ENVIRONMENT AND ARCHITECTURE 


Understanding the Windows NT environment and architecture begins with understanding 
the goals and objectives of Windows NT. This section begins by examining some of the 
objectives of Windows NT, which helps explain why Windows NT works the way it does. 
Following that discussion is an examination of how Windows NT accomplishes these 
objectives. 


The Goals of Windows NT 


Windows NT was conceived when IBM and Microsoft collaborated in building OS/2. While 
IBM took over OS/2, Microsoft redesigned and added to the original, calling the new OS 
Windows NT. The next evolution of the OS was called Windows 2000. Windows NT and 
Windows 2000 have many of the same objectives as UNIX and are considered the primary 
competitors to UNIX in the client/server industry. Because Windows NT and Windows 2000 
also function on a LAN, they are considered competitors of NetWare software by Novell, 
which is popular for managing LANs. Finally, Windows NT and Windows 2000 compete for 
some of the standalone PC market, contending with Windows 9x. In this discussion about the 
goals of Windows NT, the information given also applies to Windows 2000. For an OS to 
contend for so many markets, its objectives must, by nature, be many, including the following: 


a Room to grow. Windows NT is designed for expandability, so it can more eas- 
ily accommodate new hardware and software. The main way that NT does this is 
by using a modular approach to performing tasks. For example, remember that 
one way DOS is limited in allowing an application more memory addresses is 
that real-mode DOS drivers can access memory addresses directly without going 
through DOS, and thereby can “box in” an application in the first 640K of mem- 
ory addresses. (Remember from Chapter 4 that memory beginning just above 
640K cannot be allocated to applications.) With Windows NT, this “boxing in” 
can’t happen. Applications are required to pass their requests to NT, which 
processes them. Because of this layer of protection between software and hard- 
ware, when hardware requirements change, Windows NT manages the change; 
the application is insulated from the change. (However, a disadvantage to this 
approach is that Windows NT must have an interface to all new device drivers 
before any application operating under Windows NT can use a new device.) 


a Portability to different platforms. Because of the Windows NT modular 
approach, it easily ports to different platforms or hardware configurations, includ- 
ing different CPU technologies. Remember that the Windows NT installation 
CD-ROM comes with three directories ready to accommodate three different 
CPU technologies. Windows NT can do this by isolating parts of the OS from 
other parts in a modular fashion. The part of the OS that interacts with the hard- 
ware is the HAL, which is available in different versions, each designed to address 
the specifics of a particular CPU technology. The HAL is the only part of the OS 
that has to change when platforms change. The other components of the OS 
need not be changed when the platform changes. 
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a Compatibility with other OSs and legacy software. Because Windows NT 
had its beginnings in OS/2, Microsoft is committed to Windows NT being com- 
patible with software written for OS/2.As long as DOS applications don’t 
attempt to access resources directly, they too can run under Windows NT. 
Windows 3.x 16-bit applications can run under Windows NT in a virtual machine 
environment similar to a Windows 9x virtual machine (discussed at greater length 
below). Windows NT also supports POSIX (Portable OS Interface) based on 
UNIX, a set of standards adopted by the federal government to better ensure that 
operating systems and software can port more easily from one platform to another. 


a Security. Windows NT provides security similar to that on UNIX systems, 
which is greater than that found in Windows 9x. Windows NT security allows 
for: (1) the requirement that a user have a logon ID and password to gain access 
to the PC, (2) security between users on the same PC, so that one user can 
block another user from data or software, (3) auditing trails to identify security 
breaches, and (4) memory protection between different applications loaded at the 
same time. 


a Performance and Reliability. Although no OS is faultproof, Windows NT pro- 
vides a much more stable environment than do many OSs, including Windows 9x. 
Windows NT is less likely to hang, or “lock up,’ than are other PC OSs. If an 
application stalls, other applications also loaded are less likely to be affected. When 
using powerful workstations, Windows NT outperforms Windows 3.x and 
Windows 9x when running applications written for Windows NT, Windows 3.x, 
Windows 9x, and DOS. 


The Modular Concept of Windows NT 


Here’s an analogy to help you understand the modular concept of Windows NT.The idea is 
to isolate one process from another so that a change in one process has the least possible effect 
on the other processes. Consider the self-serve restaurant in Figure 13-7. In the process illus- 
trated in Figure 13-7a, customers arrive for breakfast, walk to the back of the restaurant, tell 
the cook what they want, wait for him to cook it, take it back to a table, and eat. Customers 
are responsible for getting their own drinks, silverware, etc. What is the flaw in this design? 
There are many, but concentrate on only one at this time. Suppose someone in the kitchen 
moves the silverware or installs a new and different drink-dispensing machine. How many 
people must learn a new process so the system can continue to work? Every customer. This 
process is nonmodular and clearly does not minimize the effect that a change in one part of 
the process has on other parts of the process. 
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Figure 13-7a_ In a nonmodular restaurant model, every customer is responsible for 
many of the steps in the process 
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Figure 13-7b In a partially modular restaurant model, customers are isolated from 
some processes 
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group #3: 
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waitresses 


Customers 


USERS AND APPLICATIONS 
(C=Customers) 
OPERATING SYSTEM 


H = Host/hostess = Employee group #1 ----------------- > User mode subsystem 

W = Waiter/waitress = Employee group #2 ----- ---> User mode subsystem | User mode 
CW = Counter worker = Employee group #3 --- ---> Executive services 

KW = Kitchen worker = Employee group #4 ------------ > HAL | Kernel mode 


Figure 13-7c In a highly modular restaurant model, employees are grouped by 
function, and customers interact only with one group of employees. 
Employee groups are analogous to different parts of the Windows NT 
operating system 


Now consider Figure 13-7b. A counter has been added, and customers are not allowed 
behind this counter. They come to the counter and tell others in the kitchen what they want 
to eat, and someone in the kitchen brings the food, drink, and silverware to them at the 
counter. Things work a little better now. When processes change in the kitchen, only employ- 
ees who work in the kitchen must be retrained. However, there is still a flaw in the efficiency 
of this design. Every kitchen worker must know how to cook and make drinks and where 
the silverware is located. This model introduces some benefits of a modular design, but still 
has flaws. 


Figure 13-7c further refines the process, and our restaurant is now a full-service, highly 
modular affair. Employees are divided into four groups, each with a different function. The 
first and second groups of employees—the hosts and hostesses, waiters and waitresses— 
interact with the customers, greeting them at the door, showing them their seats, taking 
orders, and serving food. The second group (the waiters and waitresses) also serves as an 
interface between customers and counter workers. The third group (the counter workers) 
stands between the kitchen counter and the customer counter, where the drink machines 
and the silverware are located. The waiters and waitresses pass food requests to the counter 
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workers, who pass the requests to the fourth group, the kitchen workers, who now only pre- 
pare the food. When the food is passed back to the counter workers, these workers gather 
up drinks, silverware, and food and pass them on to the waiters and waitresses, who serve the 
customers. This model uses a more modular arrangement that provides the benefits of sepa- 
rating processes from each other, even though the overhead (the additional resources needed 
to implement the new model) is higher than in the other models. 


What are the advantages of the last model? If the drink machine is upgraded, only the 
counter workers must be retrained. If the oven or stove in the kitchen is replaced with an 
altogether new electronic unit, only the kitchen workers change their methods. The counter 
workers are unaffected. The waiters and waitresses don’t need to know how to communi- 
cate with the cook, but can focus on customer service. The customer is isolated from the 
entire process. In comparing Figures 13-7a and 13-7c, on first appearance it looks as though 
the process has been complicated. There are more workers, and customers now have to wait 
to be seated. In fact, a new layer of complexity has been added, and two counters are 
required. However, it turns out that the advantages of the new system outweigh its disad- 
vantages and overhead. Not only can equipment be easily upgraded without having to 
retrain so many people or reorient customers to the new procedures, but the integrity of the 
operation is enhanced: because the processes have been separated from each other, they can 
now be more easily controlled. Standards and procedures can be more easily applied to each 
segment of the process because fewer people are involved at each step in the operation, which 
reduces confusion and improves the overall efficiency of the operation. In summary, the three 
main reasons to use the highly modular model rather than the nonmodular model are: 


a To make upgrades of equipment easier (Some employees and all customers are 
unaffected) 


a To increase the overall efficiency of the operation (each part of the process 
involves fewer people than in the other models) 


m To better ensure the integrity of processes (standards are more easily enforced) 


The process of running the restaurant can be viewed as analogous to the way operating sys- 
tems run a computer: the modular approach is analogous to the Windows NT OS, and the 
nonmodular approaches are analogous to earlier OSs. Customers can be viewed as a combi- 
nation of users and applications software; employees can be viewed as the OS; the stove, drink 
machine, silverware stand, etc., can be viewed as the hardware; and the cook can be viewed 
as those parts of the OS that relate directly to hardware, system BIOS, and device drivers. 
The process illustrated in Figure 13-7a is most analogous to DOS, in which applications were 
allowed “behind the counter” to interact directly with BIOS and device drivers, and even to 
perform some of their own operations with hardware, rather than necessarily turning to the 
OS to perform hardware operations. For example, in DOS, an application program written 
to address specific hardware configurations might depend on video BIOS always being found 
at certain memory addresses, and the program could access that BIOS directly. 


The process illustrated in Figure 13-7b is most analogous to a model of the Windows 9x 
OS, because the customers (the applications) are isolated from some of the interaction with 
the equipment (hardware), but not all. Notice, for instance, that the silverware stand is still 
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available for customer use; similarly, in Windows 9x, a 16-bit program can interact directly 
with video memory and other resources. 


The process illustrated in Figure 13-7c is most analogous to the Windows NT OS, which 
includes an additional layer between the applications (customers) and hardware (the restau- 
rant equipment); applications (customers) are almost completely isolated from interaction 
with hardware (restaurant equipment). In fact, the Windows NT architecture is divided into 
two core components called user mode and kernel mode. User mode is a nonprivileged 
processor mode in which programs have only limited access to system information and can 
only access hardware through other OS services. Kernel mode is a privileged processor 
mode in which programs have extensive access to system information and hardware. 


In the Windows NT analogy, the customers represent users and applications. The user mode 
includes the hosts and waiters, who represent the different subsystems within user mode (see 
Figure 13-8). The kernel mode is a combination of the counter workers and the kitchen 
workers. It is made up of two main parts: the HAL (the kitchen workers) and a part called 
executive services (the counter workers). Applications in user mode have no access to 
hardware resources. In kernel mode, executive services have limited access to hardware 
resources, but the HAL primarily interacts with hardware. 


The user and applications software 


User mode 
WIN32 WIN32 other 
subsystem security subsystems 
subsystem 


Kernel mode 


Executive Services 


I 
Hardware Abstraction Layer (HAL) 


Hardware 


Figure 13-8 User mode and kernel mode in Windows NT and how they relate to users, 
applications software, and hardware 


Windows NT was designed to easily port to different hardware platforms. Because only the 
kernel mode is actually interacting with hardware, it is the only part that needs to be 
changed when Windows NT moves from one hardware platform to another. For instance, 
if a major piece of hardware changes (in the restaurant analogy, a new stove in the kitchen), 
only the HAL must change. Minor hardware changes might cause changes in executive ser- 
vices. When hardware changes are made, the user mode requires little or no change. When 
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hardware improves, even though applications have these new resources available to them, 
they are not responsible for knowing how to interface with them. 


Limiting access to the hardware mainly to the HAL increases system integrity because more 
control is possible. With this isolation, an application cannot cause a system to hang by making 
illegal demands on hardware. Overall performance is increased because the HAL and executive 
services can operate independently of the slower, less efficient applications using them. 


On the other hand, it is easy to see why Windows NT requires a much more robust sys- 
tem than does Windows 9x or DOS. The increased overhead of this OS only benefits you 
when hardware and applications software are hefty enough to take advantage of the more 
powerful OS. 


User Mode 


In the restaurant analogy in Figure 13-7c, the purpose of the hosts and waiters is to interact 
with the customers. The purpose of the user mode is to interface with the user and with 
applications; what you view when running Windows NT is primarily running in user mode. 
User mode is divided into different modules called subsystems. There are two kinds of user 
mode subsystems, which are defined by their functions. Environment subsystems provide 
an environment for an application to run in; consider an environment subsystem a virtual 
machine, because it provides a total and complete environment for an application, and, in 
effect, places the application in “its own little world.” One example of a program that is part 
of the environment subsystem is Explorer. The second group of subsystems is the integral 
subsystems, which are used to provide services to the rest of the system. An example is the 
security subsystem serving other subsystems by handling the security for files and folders. 
The Windows NT logon screen belongs to this security subsystem. 


In Figure 13-8, note the Win32 subsystem, an environment subsystem, which is probably the 
most important user mode subsystem because it manages all 32-bit programs and provides the 
user interface (for example, Explorer). (Remember from Chapter 12 that 32-bit programs are 
programs written for protected mode using 32-bit code.) The Win32 security subsystem is an 
integral subsystem and provides logon to the system and other security functions, including 
privileges for file access. Other subsystems might or might not be running. 


All environment subsystems must relate to the executive services by way of the Win32 sub- 
system, which is itself an environment subsystem. Figure 13-9 shows how various programs 
that run under Windows NT interact with subsystems. For instance, each DOS application 
resides in its own NT virtual DOS machine (NTVDM), an environment where a DOS 
application can only interface with this one subsystem, and cannot relate to anything outside 
the system. All the 16-bit Windows 3.x applications reside in one NTVDM called a Win 16 
on Win 32 (WOW) environment. Within the WOW, these 16-bit applications can commu- 
nicate with one another, and they can communicate with the WOW, but that’s as far as their 
world goes. Because Windows 3.x is itself a DOS application, it must reside in an NTVDM. 
Figure 13-9 shows three 16-bit Windows 3.x applications residing in a WOW that resides in 
one NTVDM. Because DOS applications expect to run as the only application on a PC, each 
has its own NTVDM. 
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Figure 13-9 Environment subsystems in Windows NT user mode include NTVDMs for 
DOS and Windows 3.x applications and optional multithreading for 
32-bit applications 


You can see in Figure 13-9 that 32-bit applications do not require an NTVDM and can 
relate to the Win32 subsystem directly, because they are written to run in protected mode. 
The figure shows that 32-bit applications can also use a single line of communication (called 
single threading) with the Win32 subsystem or can use multiple lines for interfacing (called 
multithreading) with the Win32 subsystem, depending upon what the application requests. 
An example of multithreading is an application request that the subsystem read a large file 
from the hard drive while performing a print job at the same time. Single threading happens 
when the application does not expect both processes to be performed at the same time, but 
simply passes one request followed by another. 


Kernel Mode 


Remember that the kernel mode of Windows NT includes executive services and the HAL, 
which interface more directly with the hardware than does the user mode. Figure 13-10 
expands the information from Figure 13-8 to show several of the components of the exec- 
utive services portion of the kernel mode. Most interaction with the hardware is done by 
executive services passing the request to the HAL. However, from the diagram, you see that 
executive services includes device drivers, which have direct access to the hardware. 
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Figure 13-10 Components in the Windows NT kernel mode relate to subsystems in user 
mode and relate to hardware 


Only kernel mode components can access hardware. However, in DOS, applications can 
access hardware resources directly, or they can use an API call to ask DOS to perform the 
task. In Windows NT, if a DOS application tried to directly access the printer port LPT1, 
Windows NT would shut down the DOS application. But if the DOS application tried to 
access the printer by passing a DOS API call to the Windows NT NTVDM, it would be 
allowed to proceed. 


Windows NT Memory Model 


An excellent example of how the user mode subsystems, executive services, and the HAL all 
cooperate and work together is memory management (see Figure 13-11).Windows NT pro- 
vides memory addresses to an application by way of the WIN32 user mode subsystem. When 
an application requests the subsystem to write data to some of these assigned addresses, the 
subsystem turns to the executive services for this service. The component within executive 
services that manages memory (the virtual memory manager) is responsible for coordinat- 
ing the interface between the user subsystem and the HAL. This executive service presents 
the request to the HAL, which is responsible for the actual writing of the data to memory 
and responds to the executive service when finished. The executive service then reports back 
to the user subsystem, which, in turn, reports back to the application. 


Chapter 4 introduced the Windows NT memory model, which is shown in Figure 13-11. 
In Figure 13-10, you can see that the virtual memory manager is part of the executive ser- 
vices of the kernel mode. This memory manager interfaces with physical memory in RAM 
and virtual memory on the hard drive (contained in the Pagefile.sys file) by way of the HAL. 
Each 32-bit application and NTVDM is assigned its own memory address space, which the 
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virtual memory manager maps onto physical and/or virtual memory. By this method, an 
application cannot hang the system by storing information in memory that another applica- 
tion or the OS is trying to read, since the application cannot directly access memory. 


RAM 
4K page 
4K page 
4K page 


Windows NT 
Memory virtual 
Application 1 |<—»]| space for |«—> memory 
application 1 manager 
— Menor Se Virtual memory 
fauieauon 2 space for “> Pagefile.sys 
application 2 


Figure 13-11 Windows NT memory management 


The NT virtual memory manager assigns only one set of memory addresses to each virtual 
machine, even if more than one application is resident. It is then the job of the resident appli- 
cations to share the memory. For instance, in Figure 13-9, three 16-bit applications share the 
same virtual DOS machine inside a WOW. Therefore, the virtual memory manager would 
have all three 16-bit applications in the WOW share what is considered one virtual address 
space. These 16-bit applications are responsible for managing their memory addresses so that 
they do not write to each others’ memory addresses and cause another application to hang. 
The 16-bit applications are sharing memory address space so that they can pass information 
back and forth through these addresses, as when a spreadsheet passes a graph to a word 
processor. However, if you want a Windows 16-bit application to have full access to all 
resources in the NTVDM, you can set the application into its own unique NTVDM apart 
from other 16-bit Windows applications. Doing so isolates the application from other 16-bit 
applications and means they cannot share information. 


Processes and Threads 


Windows NT is a multithreaded OS, which allows for powerful programming so that appli- 
cations can request more than one event from the CPU to be processed at the same time, 
and, if the system contains more than one CPU, Windows NT can support this true multi- 
tasking environment. Understanding processes and threads is important to grasping the full 
power of Windows NT. Remember from earlier in the book that a program is a file sitting 
on secondary storage or ROM BIOS that contains a set of instructions to perform one or 
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more functions.A process is a program or group of programs that is running, together with 
the system resources assigned to it, such as memory addresses, environmental variables, and 
other resources. Also, more than one process can run for the same program at the same time. 
For example, in Figure 13-9, each NTVDM and each 32-bit application is a process. Three 
NTVDM processes are running, even though all three originated from a single NTVDM 
program stored on the hard drive. The NTVDM process that contains the WOW has at least 
three (actually more) programs sharing one process. A thread is a single task that the process 
requests from the kernel, such as the task of printing a file. An NTVDM process can only 
manage one thread at a time. It passes one task to the kernel and must wait for its comple- 
tion before passing another task. A 32-bit application written for either Windows 9x or 
Windows NT can pass more than one thread to the kernel at the same time (multithread- 
ing). For example, the application might have one thread performing a print job while it con- 
tinues with another thread to read a file. An application must be specifically written to manage 
multithreading. If a computer system contains more than one CPU, the kernel mode man- 
ages the threads in such a way that one thread is passed to one CPU and another thread is 
passed to the other CPU, which makes for a true multitasking environment. 


Here is an excellent comparison between the potential performance of Windows NT and 
that of Windows 9x. Compare Figure 13-9 to Figure 12-14 of Chapter 12, where the 
Windows 9x virtual machine concept is presented. In Windows 9x, all 32-bit and 16-bit appli- 
cations run in a single virtual machine. With Windows NT, a 32-bit application is not only 
released from having to share resources with other applications in the Windows 9x virtual 
machine, but also can use multithreading so that it can make simultaneous requests to the 
CPU. However, although you can see the potential for more robust performance under 
Windows NT, the advantage is lost unless the hardware can handle these requests for 
resources. If the hardware is very limited, the overhead of Windows NT actually slows down 
performance. 


Virtual DOS Machine 


Remember that a virtual DOS machine isolates an application from the rest of the system 
by providing the entire DOS-like environment to the application. Because a common chal- 
lenge that arises when a system is running Windows NT is having to run 16-bit applications 
in a Windows NT environment, NTVDMs are explained in more detail below. A Windows 
NT virtual DOS machine is made up of four main components: 


a Ntvdm.exe, which emulates a DOS environment 
a Ntio.sys, which performs the same function as IO.SYS in DOS 
a Ntdos.sys, which performs the same function as MSDOS.SYS in DOS 


a An instruction execution unit, which is only required for RISC-based computers, 
because DOS applications expect to work on an Intel-based CPU 


As you can see from the four components listed above, all the basics of DOS are present in 
an NT'VDM. 
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In order for a WOW to run within an NTVDM, the following components are also run- 
ning within this one NTVDM process: 


m Wowexec.exe, which emulates the Windows 3.x environment 


a Wow32.dll, which emulates the DLL layers of Windows 3.x, which enhance 16- 
bit applications 


m Krnl386.exe, User.exe, and Gdi.exe, which emulate the corresponding three core 
programs in Windows 3.x 


When Windows NT is loaded, a single NTVDM starts, which is then ready to run any 16- 
bit Windows applications that are loaded. One limitation of a WOW is that there is no com- 
munication between a 16-bit application running in the WOW and a 32-bit application or 
process running outside the WOW It can be a difficult, if not impossible, chore for these two 
applications to communicate. (For example, if you are using a 32-bit word processor and have 
a graph on a spreadsheet that is a 16-bit application, the spreadsheet probably cannot pass the 
graph to the word processor.) Setting up an NTVDM is covered later in this chapter. 


Windows NT Networking 


A' osl One of the main reasons Windows NT is chosen as an OS is its strong networking features. 

4.1 Remember that there are two versions of Windows NT: Windows NT Workstation and 
Windows NT Server. In a general PC environment, a workstation is a desktop PC that both 
accesses a network and works as a standalone PC. In the most general sense, a server is a com- 
puter that contains data, software, and security validation files that are shared simultaneously 
by workstations on the network.A server on the network is generally not also a workstation. 
Even though it may have a keyboard and monitor connected to it, these are generally only 
used by a network administrator to administer and monitor the network; the server is solely 
dedicated to serving the network. 


All the functionality offered by Windows NT Workstation is available with Windows NT 
Server. The primary difference between the two is that Windows NT Server offers the addi- 
tional functionality of administering and monitoring the network from this centralized loca- 
tion. However, either OS can be configured to work as one node in a workgroup or as one 
node on a domain. A workgroup is a logical group of computers and users that share 
resources (Figure 13-12), where the control of administration, resources, and security is dis- 
tributed throughout the network. A Windows NT domain is a group of networked com- 
puters that share a centralized directory database of user account information and security 
for the entire set of computers (Figure 13-13). 


When a group of computers is connected to share resources, you can configure these com- 
puters as a network using the workgroup model (the network is administered from individ- 
ual PCs in a workgroup), or use the domain model (the network is administered from a 
centralized location in the domain). Resources including data, software, and printers can be 
shared using either model. 
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Figure 13-12 A Windows NT workgroup 
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Figure 13-13 A Windows NT domain 


Also, as you learn about workgroups and domains, remember that in either case, the group 
of computers is a logical group, not a geographical group. A workgroup of computers can be 
in a single building, or it can include PCs in other cities. Distance makes no difference, as 
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At OS) long as there is networked connectivity either over phone lines or by other means. PCs are 
4.1\ srouped together to share resources—for example, a sales staff might need to share a market- 
ing database, and the accounting staff of a company might need to share a journals database. 
People in both groups are spread over several cities. Members of the sales staff make up the 
sales workgroup, and members of the accounting staff make up the accounting workgroup, so 

each user can share resources within the appropriate group. 


When you implement Windows NT Workstation, it is often necessary to set users up in a 
workgroup with other PCs using Windows NT or Windows 9x and to configure the PCs 
to be members of a domain controlled by a Windows NT server. Understanding the con- 
cepts of workgroups and domains and how they are managed is the first step in learning how 
to support them. 


Using Workgroups and Domains 


In a workgroup, every computer has its own directory database of user accounts and security 
policies. Each computer in a workgroup manages the accounts on that computer for other 
users and computers that want to access information on it. If you are a member of a work- 
group and want to allow another user on another PC to access files on your PC, you must 
establish an account for that user. The information about that account is kept only on your PC. 


A workgroup can be made up of computers that use either Windows NT Workstation or 
Windows NT Server. However, PCs that have Windows NT Server installed must be config- 
ured as standalone units. A workgroup does not require a Windows NT server to be present. 
Workgroups have no centralized account management or security. Workgroups are generally 
used for a small group of workstations, and the PC support person usually manages each user 
account on each PC in the workgroup.A domain is used for a large number of workstations, 
and security for the domain shifts to a business-wide or enterprise function of a network 
administrator controlling security from a single console. 


In a Windows NT domain, a network administrator manages access to the network through 
a centralized database. In Figure 13-13, you see the possible different components of a 
Windows NT domain. Every domain has a primary domain controller (PDC), which 
stores and controls a database of (1) user accounts, (2) group accounts, and (3) computer 
accounts. This database is called the directory database or the security accounts manager 
(SAM) database. 


The directory database can be updated by an administrator logged on to any workstation or 
server on the domain by accessing the PDC, but the domain can have only one PDC. One 
or more read-only backup copies of the directory database can be kept on other computers. 
Each computer with a backup of the directory database is called a backup domain con- 
troller (BDC).A system can be set up so that whenever the database on the PDC is updated, 
copies are written to each BDC, which is called replication or automated duplication. In 
Figure 13-13, there are two BDCs, each keeping a copy of the directory database. BDCs use 
their copy of the SAM database to authenticate users as they log on, thereby relieving the 
PDC of the burden of authentication functions. This sharing of functions improves perfor- 
mance in domains with many (more than 1000) workstations. Workstations on the domain 
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are in the lower part of Figure 13-13.A Windows NT network can contain these OSs func- 
tioning in these ways: Windows NT Server functioning as a PDC, a BDC, or as a standalone 
server (a server on the network that has no domain controller functions); Windows NT 
Workstation functioning as a workstation or as a standalone server, and Windows 9x. 


User Accounts 


User accounts are used on PCs to control who has access to what programs, files, and other 
resources on a PC or network. When using DOS and Windows 9x, the only all-encompassing 
security is a power-on password, which is a function of the ROM BIOS rather than the OS. 
Windows NT, however, provides an all-encompassing security feature to the PC.To gain access 
to a computer, a user must have a user account on that computer, which, in a workgroup, 
must be set up on each computer, or, in a domain, can be set up from the centralized domain 
server. During the Windows NT installation, an administrator account is always created. An 
administrator has rights and permissions to all computer software and hardware resources. 


When Windows NT first boots, someone must log on before the OS can be used. You see 
the logon screen when you press the Ctrl+Alt+Del keys together. (Remember that these 
keystrokes in the DOS and Windows 9x environment are used to soft boot.) To log on, enter 
a username and password and click OK. Windows NT tracks which user is logged on to the 
system and grants rights and permissions according to the user’s group or to specific per- 
missions granted this user by the administrator. 


Administering a Network Besides access to the network, permissions granted to a user and 
the OS environment that the user has are also controlled by the administrator. An adminis- 
trator can create user groups and assign restrictions and rights to the entire group that apply 
to all users. An administrator can also assign individual restrictions and rights to a single user. 
A user profile is a record of information about an authorized user that is used for security 
and other reasons. It can include the desktop configuration, sound, color, and resources that 
should be made available to a particular user. The information is kept in a file with a .usr file 
extension. The administrator can modify a user profile or group profile to control the types 
of changes a user can make to his or her environment, including the ability to install or con- 
figure software or hardware. 


In a typical office environment, a single administrator is responsible for maintaining and sup- 
porting the hardware and software of many PCs.An administrator usually controls what users 
can do through user profiles, most commonly giving users just enough rights and permis- 
sions to perform their jobs, but not enough to alter hardware or software settings. Thus, users 
can be denied the ability to set an environmental variable, install a printer, install software, or 
do any other chores that change the PC software or hardware environment. In many office 
environments, gone are the days when employees could bring that favorite screensaver or 
game to work and install it on their PC. 


Using Windows NT Server, an administrator can set profiles for an entire network of work- 
stations from his or her PC. The profiles are stored on the server, which can allow users to 
move from PC to PC with their profiles following them. These users are known to 
Windows NT as roaming users. 
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Creating a User Account. User accounts are created and managed by the User Manager 
portion of Windows NT. Follow these directions to set up a new user account. 


1. Click Start, point to Programs, Administrative Tools, and then click User 
Manager (see Figure 13-14). The User Manager screen is displayed. The default 
user accounts, those that NT sets up as part of installation, are an administrator 


account and one guest account. 


3 N =| Accessories 
(=) Startup 
r i Command Prompt 


> Qy Windows NT Explorer 
FS Administrative Tools (Common) > T Backup 


L5 Collage Complete > SY) Disk Administrator 
( Startup > [O] Event Viewer 
X Performance Monitor 


afb Remote Access Admin 


rograms 


£4 Windows NT Diagnostics 


Figure 13-14 The User Manager under Administrative Tools of Windows NT can be used 
to add a new user 


2. To create a new user account, click User on the menu bar and then click New 
User. The New User dialog box opens (see Figure 13-15). 


-ioj x! 


: User Manager 
User Policies Options Help 
Username |Full Name \Descrintion 


© Guest 
Username: [JEAN 
Full Name: [lean Andrews Cancel | 
Help | 


Description: |Limited access user 


Grn Password [== 
Administrators gonm ¢ eo 
Backup Operators Cnc 
Guests I User Must Change Password at Next Logon 
Power Users I User Cannot Change Password 
Replicator ý 
Users I Password Never Expires 

I Account Disabled 


Figure 13-15 Use the New User dialog box to provide information about a user 
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3. Enter the information requested about the user. When logging on, the user will 
enter the username and password. Notice in Figure 13-15 that the option has 
been selected that requires the user to change his/her password at the next logon. 


4. Click the Groups button at the bottom of the dialog box to open the Group 
Memberships dialog box (see Figure 13-16), showing that in this example the 
new user JEAN is a member of the Users group, the default choice unless the 
administrator changes it. The available groups that a user is not a member of are 
listed on the right. The group with the most rights is the Administrators group. 
The administrator can assign rights to an entire group that apply to all users in that 
group. Click OK to return to the New User dialog box. 


Group Memberships xi 
User: JEAN lean Andrews) 
Cancel 
Help 
Member of: Not member of: 
Users Administrators 


Backup Operators 
Guests 

Power Users 
Replicator 


<- Add | a 


Figure 13-16 Assigning a group membership to a user 


5. In the New User dialog box, click the Dialin button to open the Dialin 
Information dialog box (see Figure 13-17). 


Dialin Information Eg 
User JEAN [Jean Andrews) 
Cancel | 

Help | 


Call Back 


@ No Call Back 
C Set By Caller 


C Preset To: | 


Figure 13-17 Use the Dialin Information dialog box to give a new user permission to dial 
in to this workstation 
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6. Check the Grant dialin permission to user box to allow the user to access 
this workstation from a remote PC using a modem. 


7. Click OK to return to the New User dialog box. 


8. In the New User dialog box, click the Profile button and enter the path and 
name of a profile file to apply to this individual user. Then click OK. 


9. In the New User dialog box, click OK to complete the task of adding a new user 
to the workstation. 


To verify that the new account works correctly, log off the system as the administrator and 
log back on as the new user. To log off, press Ctrl+Alt+Del. The Windows NT Security 
dialog box opens (see Figure 13-18). Click the Logoff button. The Windows NT logo screen 
appears, and no more activity is allowed at this PC until a user logs on. Press Ctrl+Alt+Del 
again to display the logon screen. Enter the new username and password to access the PC 
under this new user account. 


Windows NT Security x| 


Logon Information 
You are logged on as MYRTLETREE1'administrator. 


Logon Date: 11/14/97 8:58:33 PM 


Use the Task Manager to close an application that is not responding. 


i n | Logoff... | Shut Down... | 
Change Password... | Task Manager... | Cancel | 


Figure 13-18 Log off the computer using the Windows NT Security dialog box 


To demonstrate one way in which Windows NT grants permissions to or withholds per- 
missions from different users, try to establish a new user account different from the JEAN 
account you just created. From the JEAN account, open the User Manager window again. 
Click Start, point to Programs, Administrative Tools, and then click User Manager to 
open the window. Click User on the menu bar, and then click New User (Figure 13-19). 
Notice that both the New User and Copy options are grayed out on the User menu, because 
the JEAN account is not allowed to execute these functions. In contrast, the administrator 
account user menu showed all options in dark type, giving the Administrator access to any 
of them. 


694 Chapter 13 Understanding and Supporting Windows NT Workstation 


i User Manager |. [OF x} 
‘ Policies Options Help 
New User Full Name Description 
New Local Group.. E E ae 
Co rs Built-in account for que 
Copy g ee 
Jean Andrews Limited access user 
Delete Del 
Rename... 
Properties... Enter 
Exit AlteF4 
Groups Description 


& Administrators Members can fully administer the computer/domg 
& Backup Operators Members can bypass file security to back up file 
x Guests Users granted quest access to the computer/do 
& Power Users Members can share directories and printers 


x Replicator Supports file replication in a domain 
x Users Ordinary users 


Figure 13-19 Windows NT controls access to options by "graying out” options to users 
who have not been assigned rights to them 


INSTALLING AND CUSTOMIZING WINDOws NT 


This section gives the step-by-step process to install Windows NT. In the following example, 
we will first examine the system to see if it qualifies for Windows NT and then install the OS. 


Preparing for the Installation 


Before beginning the installation of Windows NT or upgrading from DOS or Windows 9x 
to Windows NTT, you need to prepare for the installation. 


Preparing for Windows NT 


To determine if your hardware can support Windows NT, begin by searching the HCL. If 
a device on your system is not on the HCL, contact the manufacturer for a Windows NT 
driver. (Remember that if no driver exists, you cannot use the device with Windows NT.) 
Be sure you have enough hard drive space. Windows NT requires about 120 MB of drive 
space to install itself, and more if the cluster size is large. A floppy drive and CD-ROM drive 
are required. For computers without a CD-ROM drive, Windows NT can be installed from 
a server over a network. 


If you are using an Intel-based computer, you can use the NT Hardware Qualifier 
(NTHQ) program found on the Windows NT installation CD-ROM to determine if your 
system can handle Windows NT. To use Qualifier, boot from a disk onto which you have 
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copied the program, and the utility will examine your system to determine if all hardware pre- 
sent qualifies for NT. Use the following directions to create and use the NT Hardware 
Qualifier: 


Create the NTHQ bootable disk using any computer that has DOS or Windows 9x installed: 
1. Insert a bootable disk in drive A. 


2. To have Windows NT create the Hardware Qualifier disk, from a DOS prompt 
or from the Run dialog box of Windows 9x, enter this command substituting the 
drive letter of your CD-ROM drive: 


D: \Support \Hqtool\MakeDisk.bat 


3. Using the computer that you want to install Windows NT, boot from the newly 
created disk. The following message will be displayed on your screen: 


Preparing NTHQ 


You can watch as NT tells you it is creating a RAM drive and copying files to it. 
Next a screen appears informing you that the report the utility generates will 
take several minutes and will be written to the disk and saved as Nthq.txt. 


4. Print the report. 


Figure 13-20 contains a portion of a sample report from the NTHQ. Note that the two 
devices listed at the top were not found in the NTHQ.To determine if these devices will 
work with Windows NT, check the latest HCL on the Microsoft Web site or contact the 
manufacturer of each device. 


Adapter Description: CIRRUS LOGIN PnP V34 MODEM 
Adapter Device ID: CIR1000 
Listed in Hardware Compatibility List: Not found-check the latest HCL 


Adapter Description: OPL3-SAX Sound Board 
Adapter Device ID: YMH0024 
Listed in Hardware Compatibility List: Not found-check the latest HCL 


Adapter Description: S3 Inc. 801/928/964 
Listed in Hardware Compatibility List: Yes 


Adapter Description: Adaptec AHA-1522 
Listed in Hardware Compatibility List: Yes 


Adapter Description: Sound Blaster Adapter or compatibles 
Listed in Hardware Compatibility List: Yes 


Adapter Description: Joystick/game port 
Listed in Hardware Compatibility List: Yes 


Figure 13-20 Sample report from the NT Hardware Qualifier 
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Choosing the Right File System 


Remember that when you install Windows NT, you must consider a number of criteria 
before choosing which of the two available file systems you want, FAT16 or NTFS. If you 
plan to have a dual boot on your PC with either DOS or Windows 9x, use the FAT 16 file 
system. If you need a high level of security, remember that NTFS offers a higher level of 
security, including security features unavailable with FAT. If Windows NT is the only OS on 
the hard drive and security is an issue, then use NTFS. RISC-based computers must use FAT 
for the active partition. 


Step-by-Step Installation 


Below is a discussion of how to install Windows NT as the only OS on a system, and as the 
second OS on a system that already has Windows 9x, creating a dual boot. 


Installing Windows NT as the Only OS 


Windows NT comes with three disks that contain a simplified version of Windows NT, 
enough to boot a PC. If the hard drive does not contain an OS, the installation begins by 
booting from these three disks. After Windows NT has loaded these three disks, it can access 
the CD-ROM drive, and installation continues from the CD.The program on the CD exe- 
cuted at that point is Winnt.exe. A faster version of Winnt.exe on the CD-ROM named 
Winnt32.exe also can be used instead of Winnt.exe. Winnt32.exe can be run only after 
Windows NT has already been installed the first time; it is used to upgrade from an older ver- 
sion of NT to a new version or to reinstall a corrupted version. 


The three setup disks can later be used to boot the PC if files on the hard drive become cor- 
rupted. You can also create a new set of bootable disks. How to do this is discussed later in 
the chapter. 


Follow these steps to install Windows NT: 


1. Insert the Windows NT CD in the CD-ROM drive, insert setup disk 1 into the 
floppy drive, and boot the PC. You will be asked to insert disk 2. 


2. You see a “Welcome to Setup” message. You will be asked to insert disk 3. Press 
Enter to continue. Setup lists the mass storage devices it detected. Press Enter to 
continue. 


3. The licensing agreement appears. Scroll to the bottom of the document and press 
F8 to indicate your agreement and continue. 


4. Setup lists hardware and software components it detected. Press Enter to continue. 


5. Setup lists existing partitions and space available for creating new partitions. For 
example, if part of the drive has previously been formatted as drive C with 
2047 MB of storage and the other part is still unpartitioned, the following 
information appears: 


2442 MB Disk 0 at Id 0 on bus 0 on atapi 
C: FAT 2047 MB 
Unpartitioned space 394 MB 


7. 


10. 


11. 


12. 
13. 
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Setup is listing the spaces on the hard drive where it can install the OS, and ask- 
ing you to make the choice. For this example, highlight Unpartitioned Space 
and press C to create a new partition. 


. Setup asks you for the size of the partition, creates it, and informs you it will next 


format the partition, and prompts you to select a file system for the partition. It 
then lists the following file systems: 


Format the partition using the FAT file system 
Format the partition using the NTFS file system 


Select a file system and press Enter. 
After the formatting is completed, Setup asks for this information: 


Setup installs Windows NT files onto your hard disk. 
Choose the location where you want those files to be 
installed: \WINNT 


The default choice is to install Windows NT in the \Winnt directory. Accept the 
default by pressing Enter. 


. Setup now asks for permission to examine the hard drive for corruption. You can 


either allow it by pressing Enter or skip this examination by pressing Esc. 


. Setup tells you that it is copying files to the hard drive. After the copying is com- 


plete, the following message appears: 


Press ENTER to restart your computer. 
When your computer restarts, Setup will continue. 


Up to this point in the installation, all screens appeared to be DOS-like with 
little graphic user interface and no use of the mouse. When the PC reboots, you 
are using a true Windows GUI.The opening screen lists the three steps that 
Windows NT performs to complete the installation: 


1) Gathering information about your computer 
2) Installing Windows NT networking 
3) Finishing Setup 


The first item in the list is highlighted. Using the mouse, click Next to continue 
the installation. 


Setup offers four options: 


Typical 
Portable 
Compact 
Custom 


+ + + + 


Select Typical and click Next to continue. 
Setup requests a name and the name of your organization. Provide them. 


You are then asked to enter the CD key that identifies the copy of Windows NT 
being installed. Provide that. 
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14. 


15, 


16. 


17. 


18. 


19. 


20. 


ai 


22. 


23. 


Setup then requests a computer name. You are told that the name must be 15 char- 
acters or less and must be unique for your network. This computer name will later 
be used to identify this computer on a network. Enter the name and click Next. 


Remember that every Windows NT workstation has an administrator account by 
default. Setup asks for the password for this account: 


Administrator Account 
Password: 
Confirm Password: 


Administrators have full privileges on the workstation. Users have fewer privileges, 
depending on what the administrator assigns them. If other users who will not have 
administrator privileges will be using this workstation, or if you are concerned 
about security at this PC, enter a password. If you are the sole user of this PC and 
security is not an issue, you do not need to enter a password. Just press Enter. 


Setup gives you the option to create an emergency repair disk (ERD, discussed 
later in the chapter). Select Yes to create the emergency repair disk, and then 
click Next to continue. 


Setup gives you the option to choose what components to install. Since you can 
later easily install components not installed during the installation, choose Install 
the most common components. 


Setup returns to the opening Windows NT setup screen (see Step 11) and con- 
tinues with Installing Windows NT networking. 


The choices presented are: 


Do not connect this computer to a network at this time 
This computer will participate on a network, either: 
Wired to the network (ISDN adapter or network adapter) 
Connected remotely to the network using a modem 


For this example, choose Do not connect the computer to a network at 
this time, and click Next to continue. 


Setup returns to the opening screen (see Step 11). Click Finish to finish Setup. 
You are asked to select the date and time from the Date/Time Properties sheet. 
Click Close. 


Setup automatically detects the correct display adapter. You can change any 
options on the Display Properties sheet and then click OK. 


Setup requests that you insert a blank disk labeled emergency repair disk. Insert a 
blank disk and click OK. Setup creates the repair disk. 


You are instructed to remove the CD and disk from the drives and restart the PC. 
The installation is done. 
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Installing Windows NT as the Second OS on the Hard Drive 


Installing Windows NT on a hard drive to create a dual boot begins differently, but is other- 
wise the same as installing Windows NT as the only OS. The Windows NT installation files are 
stored in the \I386 directory on the CD-ROM drive. If hard drive space is plentiful, you can 
copy the contents of the \I1386 directory and its subdirectories to the hard drive and perform 
the installation from there, which is faster because access to the hard drive is faster than access 
to the CD-ROM drive. If the computer is connected to a network, the contents of the \I386 
directory can be copied to the network server, and the Winnt.exe program can be executed 
from the server to install Windows NT on the PC, if certain conditions exist. (Installations from 
servers are not covered in this chapter.) 


Follow these directions to install Windows NT from the CD-ROM drive as a second OS: 


1. Insert the Windows NT installation CD in the drive. If the PC auto-detects the 
CD, you see the Windows NT opening screen. Click Windows NT Setup. If 
the PC does not auto-detect the CD, click Start, Run and enter this command 
in the Run dialog box substituting the drive letter of your CD-ROM drive: 
D:\I386\ Winnt.exe. 


2. A dialog box appears (Figure 13-21) asking for the location of the installation 
files. For Intel-based computers, choose the \I386 directory. Confirm the loca- 
tion of the installation files and press Enter. If setup can recognize a formatted 
hard drive, it copies files from the installation source media (in this example, the 
CD-ROM drive) to the hard drive. 


: Windows NT CD-ROM 


Figure 13-21 The first dialog box of the Windows NT Setup program asking for the 
location of the installation files 


3. Reboot the PC. Then the installation continues as described above beginning 
with Step 2. 
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After the installation is complete, when the PC reboots, it detects two OSs, and shows a startup 
menu (called the boot loader menu), giving you the choice between Windows NT 
Workstation Version 4.0 and Microsoft Windows (Windows 95 or 98). Select Windows NT 
Workstation version 4.0, which then loads. 


An Installing a Local or Network Printer 


After the Windows NT installation is complete, you can install a printer. Follow these step- 
by-step directions: 


1. Click Start, point to Settings, and then click Printers. The Printers screen opens. 


2. Double-click Add Printer. The Add Printer Wizard opens, as in Figure 13-22. If 
this is a local printer operating from the PC’s printer port, select My Computer 
and click Next. 


3. A list of ports is displayed. Select LPT1: and click Next. 


4. A list of manufacturers and printer models is displayed (see Figure 13-23). Select 
first the manufacturer and then the model from the list. If your printer is not 
listed, and you have the printer driver for Windows NT on disk or CD-ROM, 
click Have Disk. Drivers designed for Windows 9x might or might not work. If 
you select a manufacturer and model from the Windows NT list, Windows NT 
asks for the location of the \I386 directory where driver files are located. Insert 
the Windows NT CD-ROM and, if necessary, change the path to the files in the 
dialog box that is displayed. 


Add Printer Wizard 


This wizard helps you install your printer or make printer 
connections. This printer will be managed by: 


© Network printer server 


Connect to a printer on another machine. All settings for 
this printer are managed by a print server that has been set 
up by an administrator. 


< Back Next > Cancel | 


Figure 13-22 The Add Printer Wizard 


can copy the entire contents of the \1386 directory and its subdirectories from the CD 


To eliminate the need to have the CD-ROM readily available for installing a device, you 
to your hard drive or to a server on your network. 


Supporting Windows NT and Applications 701 


+ os Add Printer Wizard 
4.1 
A Click the manufacturer and model of your printer. If your printer came with an 
Ce installation disk, click Have Disk. If your printer is not listed, consult your 
Printer documentation for a compatible printer. 


Manufacturers: Printers: 


Canon BubbleJet BJ-10e 
Canon BubbleJet BJ-10ex 
Canon BubbleJet BJ-10sx 
Canon BubbleJet BJ-20 
Canon BubbleJet BJ-30 
Canon BubbleJet BJ-100 
Cannon Rubbleslet RI-130N = 


Have Disk... | 


< Back Cancel | 


Dataproducts H 
X 


Dicnnix 


Figure 13-23 Select the manufacturer and model of your printer 


5. You are asked for the printer name, which will later appear in the list of available 
printers. Windows NT provides a default name, but you can select your own. 
Click Next to continue. 


6. The Add Printer Wizard asks if this printer will be shared with others on a net- 
work. If you click Shared, you must enter a printer name unique to the network 
and the printer is then made available for others on the network. If the printer is 
to be shared, you have to tell the system what operating systems are on the net- 
work that will use the printer. More than one OS can be selected. If the printer 
is only to be used by your PC, click Not Shared and click Next to continue. 


7. Print a test page. Select Yes to print the test page, and then click Finish to com- 
plete the installation. Close the Printer window. 


SUPPORTING WINDOWS NT AND APPLICATIONS 


Comprehensive coverage of Windows NT administration is beyond the scope of this book, 
but this chapter does cover a few common procedures that apply to supporting a standalone 
NT PC using both 16-bit and 32-bit applications. How the boot process works and how to 
troubleshoot problems during booting is also covered. 


The Windows NT Boot Process 


Understanding the boot process and making changes to it are critical when supporting 
Windows NT. (Also, Windows 2000 uses this same boot process.) When an NT PC is first 
turned on, the boot load menu asks you to select an OS. You can control this menu from 
the System Properties dialog box of the Control Panel. Click Start, point to Settings, and 
then click Control Panel. The Control Panel shown in Figure 13-24 allows you to con- 
figure Windows NT, add hardware devices and software, and configure the environment 
for applications. 
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Figure 13-24 The Windows NT Control Panel 


Double-click the System icon. The System Properties box opens. Click the 
Startup/Shutdown tab (see Figure 13-25). From the Startup drop-down list, select the OS 
that you want to start by default. Select the number of seconds you want the system to wait 
before it chooses the default option. Also from this tab, you can choose what you want the 
system to do when an error occurs that prevents Windows NT from loading (called a fatal 
system error). You are given the option to “Write an event to the system log” which can 
later be viewed under the event viewer. When you make changes and click OK, you are told 
that the system must reboot before the changes take effect. 


If you are having problems booting Windows NT, choose to “Write an event to the sys- 
tem log file” in the System Properties dialog box. Later a Microsoft support person can 
use this memory dump file to help in diagnosing the boot problem. 


3 
Printers Regional SCSI Adapters Server Services 
Settings 
S A p 8 Ü 
Sounds System Tape Devices Telephony UPS 
[25 object{s) 
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System Properties BEI 


General | Performance | Environment | 
Hardware Profiles | User Profiles | 


System Startup 


Startup: [windows NT 4.00 Installation/Uparade" 7] | 
Show list for E a seconds 


Recovery 
When a STOP error occurs, do the following: 
MV Write an event to the system log 


I~ Send an administrative alert 


I Write debugging information to: 


Figure 13-25 System Properties dialog box showing Startup/Shutdown tab 


Are What Happens During the Boot Sequence 


The following is a look behind the scenes with a description of each step in the boot 
process. As you read, refer to Table 13-2 for an outline of the boot sequence for Intel-based 


computers. 


Table 13-2 Steps in the Intel-based CPU boot process 
Description 
POST (power-on self test) is executed. 1. Performed by startup BIOS 
MBR (Master Boot Record) is loaded, and the master 2. Performed by startup BIOS 
boot program within the MBR is run. (The master 
program is at the very beginning of the hard drive, 
as part of the partition table information. The program 


searches for and loads the OS boot record of the 
active partition.) 


Boot sector from active partition is loaded, and 3. Performed by MBR program 
program in this boot sector is run. 


Ntldr (NT Loader) file is loaded and run. (The Ntldr 4. Performed by boot sector program 
file is the initially executed Windows NT OS file and 
is similar to lo.sys in DOS and Windows 9x.) 


Processor is changed from real mode to flat memory 5. Performed by Windows NT loader 
mode, in which 32-bit code can be executed. 
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Description Step 


Minifile system drivers (described below) are started 6. Performed by Windows NT loader 
so files can be read. 


Read Boot.ini file and build the boot loader menu 7. Performed by Windows NT loader 
described in the file. (This menu is discussed later in 
the chapter.) 


If user chooses Windows NT, then run Ntdetect.com 8. Performed by Windows NT loader 
to detect hardware present; otherwise, run 
Bootsect.dos. 


Ntldr reads information from the Registry about device | 9. Performed by Windows NT loader 
drivers and loads them. Also loads the Hal.dll and 
Ntoskrml.exe. 


Ntldr passes control to Ntoskrml.exe; load is complete. | 10. Last step performed by the loader 


BIOS executes POST. First, Startup BIOS performs POST, which happens just as it would 
regardless of the OS present. After POST, BIOS turns to the hard drive to load an OS. 
Remember from earlier chapters that BIOS looks for the partition information at the begin- 
ning of the hard drive. 


BIOS executes the MBR program. The first thing in the partition information that 
BIOS needs is the MBR (Master Boot Record) containing the master boot program. 
Remember from earlier chapters that the master boot program is the very first thing writ- 
ten in the first sector of a hard drive. The master boot program is followed by the partition 
table itself, and both are stored in the master boot sector. BIOS executes this master boot 
program, which examines the partition table, looking for the location of the active partition 
on the drive, and then turns to the first sector of the active partition to find and load the 
program in the boot sector of that active partition. So far in the boot process, nothing is dif- 
ferent between Windows NT and other OSs. 


The MBR program executes the OS boot program. Remember that when DOS or 
Windows 9x boots, the DOS boot sector contains the name of the initial OS load program, 
lo.sys. When Windows NT is installed, it edits this boot sector of the active partition, instruct- 
ing it to load the Windows NT program Ntldr at startup, instead of Io.sys. (It does this even 
when the PC is configured for a dual boot.) 


The boot program executes Ntldr. With the execution of Ntldr, Windows NT then 
starts its boot sequence. This program is responsible for loading Windows NT and perform- 
ing several chores to complete the load. It then passes off control to the OS. 


Ntldr changes the processor mode and loads a file system. Up to this point, the CPU 
has been processing in real mode; every program had complete access to system resources. 
Windows NT does not process in real mode. Ntldr is a 32-bit program and begins by chang- 
ing the CPU mode from real mode to a 32-bit mode called 32-bit flat memory mode, 
in order to run its 32-bit code. Next a temporary, simplified file system called the minifile 
system is started so that Ntldr can read files from either a FAT or an NTFS file system. 
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+ os! Ntldr reads and loads the boot loader menu. Ntldr then is able to read the Boot.ini 

1.1 file, a hidden text file that contains information needed to build the boot loader menu dis- 

cussed earlier. The menu is displayed, and the user can make a selection or, after the preset time 
expires, the default selection is used. 


Ntldr uses Ntdetect.com. If Ntldr is to load Windows NT as the OS, Ntldr runs the pro- 
gram Ntdetect.com, which checks the hardware devices present and passes the information 
back to Ntldr. This information will later be used to update the Windows NT registry con- 
cerning the last-known good hardware profile used (the registry is discussed later in the 
chapter). 


Ntldr loads the OS and device drivers. Ntldr then loads Ntoskrnl.exe, Hal.dll, and the 
System hive. The System hive is a portion of the Windows NT registry that includes hard- 
ware information that is now used to load the proper device drivers for the hardware present. 


Ntldr passes control to Ntoskrnl.exe. Ntldr then passes control to Ntoskrnl.exe, and the 
boot sequence is complete. 


An operating system other than Windows NT is chosen. Ifa selection was made from 
the boot loader menu to load an OS other than Windows NT, such as DOS or Windows 9x, 
Ntldr does not load Ntdetect.com or complete the remaining chores to load Windows NT, 
but loads and passes control to the program Bootsect.dos, which is responsible for loading the 
other OS. 


to another. However, the Bootsect.dos file contains information from the partition table 


When repairing a corrupted hard drive, a support person often copies files from one PC 
for this particular hard drive and cannot be copied from another PC. 


The files needed to successfully boot Windows NT are listed in Table 13-3. (In the table, ref- 
erences to \winnt_root follow Microsoft documentation conventions and mean the name of 
the directory where Windows NT is stored, which is \Winnt by default.) 


Table 13-3 Files needed to successfully boot Windows NT 


Location 


Ntldr Root directory of the system partition (usually C:\) 


Boot.ini Root directory of the system partition (usually C:\) 


Bootsect.dos Root directory of the system partition (usually C:\) 


Ntdetect.com Root directory of the system partition (usually C:\) 


Ntbootdd.sys* Root directory of the system partition (usually C:\) 


Ntoskrnl.exe \winnt_root\system32 directory of the boot partition 


Hal.dll \winnt_root\system32 directory of the boot partition 


System \winnt_root\system32\config of the boot partition 


Device drivers \winnt_root\system32\drivers of the boot partition 
*Ntbootdd.sys is only used with a SCSI boot device. 
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Troubleshooting the Boot Process 


Windows NT offers several tools and methods to aid in troubleshooting and fixing problems 
that happen during the boot process. For instance, each time the OS boots and the first logon 
is made with no errors, the OS saves a copy of the hardware configuration from the registry, 
which is called the Last Known Good configuration. The next time the PC boots, if an error 
occurs, it can use the Last Known Good configuration. Windows NT also offers a set of boot 
disks and an emergency rescue disk. If the emergency rescue disk has been kept up to date, 
it can be invaluable in solving boot problems. This section discusses how to use all three of 
these tools in troubleshooting the boot process. 


Last Known Good Configuration The key in the registry that contains the Last Known 
Good configuration is: 


HKEY LOCAL MACHINE \HARDWARE 


You can select the Last Known Good configuration from the Windows NT menu that dis- 
plays when a problem is encountered during the boot process. For example, if you install a 
new device driver, restart Windows NT, and find that the system hangs, you can use the Last 
Known Good configuration to revert back to the previous configuration. 


Because the configuration information is not saved to the Last Known Good area until after 
the logon, if you are having trouble with the boot, don’t attempt to log on. Doing so will cause 
the Last Known Good to be replaced by the current configuration, which might have errors. 


For example, if you have installed a new video driver and you restart Windows, but the screen 
is very difficult to read, don’t log on. Instead, press the reset button to reboot the PC. When 
given the choice, select Last Known Good from the startup menu. 


To prevent hard drive corruption, if you are having problems booting Windows NT, wait for 
all disk activity to stop before pressing the reset button or turning off the PC, especially if 
you are using the FAT file system. 


If you accidentally disable a critical device, Windows NT decides to revert to the Last Known 
Good for you. You are not provided with a menu choice. 


Reverting to the Last Known Good causes the loss of any changes made to the hardware 
configuration since the Last Known Good was saved. Therefore, it is wise to make one 
change at a time to the hardware configuration and reboot after each change. That way, if 
problems during booting are encountered, only the most recent change is lost. 


If you are having problems booting in Windows NT, don't log on, because if you do, 
iwi you will overwrite your previous Last Known Good. 


Windows NT Boot Disks With Windows 9x and DOS, any single disk could be format- 
ted as a boot disk or system disk. Windows NT is different. It requires three disks to hold 
enough of Windows NT to boot. However, formatting a disk to just hold data or software 
can be done using Explorer. 
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At os| When a disk is formatted by Windows NT, the boot sector is written to boot the Ntldr pro- 

3.1 | gram instead of Io.sys, as DOS and Windows 9x do. To format a disk, use Windows NT 
Explorer. Right-click the 3% Floppy (A:) line in Explorer and choose Format from the 
shortcut menu. Figure 13-26 is displayed. 


6X Exploring - My Computer 
File Edit View Tools Help 
| All Folders Format A:\ RAES 

Desktop 


Capacity: 


+) 


G-H)-l-8 


=] My Computer 
3 5 36 TE (A) fas". 1.44MB, a bytes/sector z] 
=] [C:) ely 44MB 512 br Q 
w 0) 
#2) Audio CD (E:) al 
(3) Control Panel Allocation Unit Size 


3B) Print eee 
al Finteis F [Defaut allocation size x] 
(+) Sg Network Neighborhood 


igy Recycle Bin Volume Label 
9 My Briefcase | 
Format Options 


T Quick Format 
I Enable Compression 


coe | 


Figure 13-26 Windows NT dialog box used to format a disk 


The only file system available for a disk is FAT. Note in the figure that there is no option to 
make the disk a system disk or boot disk. If you try to boot from a disk that has been for- 
matted by Windows NT, this error message displays: 


BOOT: Couldn’t find NTLDR 
Please insert another disk 


Creating boot disks is done by a different method. Remember that Windows NT comes 
with a set of three disks that are initially used to boot the machine before the installation 
continues from the CD-ROM. After the OS is installed, you can use these disks in an emer- 
gency to boot the OS. These three disks come with Windows NT, but you can make extra 
sets. The set of boot disks is the same no matter what PC you are using. The disks contain 
no special information about your system. 


If the original three disks to boot Windows NT become corrupted or are lost, you can make 
extra copies using Winnt32.exe if you are running Windows NT, or using Winnt.exe if you 
are running another OS, such as DOS or Windows 9x (explained below). You do not have 
to be working on the PC where you intend to use the disks in order to make them, since 
the disks don’t contain unique information for a PC. Proceed as follows to create boot disks 
using Windows NT: 


1. Click Start, Run and enter the path and name of the program with the /OX 
parameters. These parameters say to only create the set of three disks without 
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performing a complete installation. Note the E:\I1386\winnt32.exe/ox entry in 
the Run dialog box of Figure 13-27. This is the command line from within 
Windows NT used to create the disks when drive E contains the Windows NT 
installation CD. 


Run BEI 


Type the name of a program, folder, or document, and 
Windows will open it for you. 


Open: [E1386 \winnt32.exe fox X | 


I) Bonin separate Menon Space 


Cancel | Browse... | 


Figure 13-27 Using Winnt32.exe to create a set of boot disks 


2. The program asks for the location of the installation files. In this example, enter 
E:\I386.You are then prompted to insert three disks. The program creates the 
disks beginning with disk 3. 


Windows NT does not have a Safe Mode as does Windows 98, so, if the PC later cannot 
boot Windows NT from the hard drive, these three disks can be used to load Windows NT, 
which loads using a generic VGA mode. After Windows NT is loaded, use the Emergency 
Repair Disk to restore critical system files to their state at the time the last update was made 
to the emergency repair disk. 


The Windows NT Emergency Repair Disk A fourth important disk is the Emergency 
Repair Disk (ERD), which does contain information unique to your OS and hard drive.You 
are given the opportunity to create the disk during installation. Always create this disk, 
because it is your record of critical information about your system that can be used to fix a 
problem with the OS. 


The ERD is, in effect, a backup of the Windows NT registry on your hard drive, which con- 
tains all the configuration information of Windows NT. In addition, information that is used 
to build a NTVDM to run DOS applications is also included on the disk. The files on the ERD 
are listed in Table 13-4. More about each file is covered later in the chapter when the registry 
is discussed. Files stored on the ERD are also written to the hard drive during the installation 
process. Using Explorer, you can see the files listed in the \winnt_root\repair folder. 


After the installation, you can create a new ERD or update the current one by using the 
Rdisk.exe utility in the \winnt_root\system32 folder. You should update the disk any time you 
make any major changes to the system configuration.To use the Rdisk.exe utility, click Start, 
Run, and then either click Browse or enter the path to the utility. Add the /S option so that 
the utility also updates the SAM, Default, and Security files of the Registry. 


If Windows NT is stored on drive D, the command line is: 


D: \WINNT\System32\rdisk.exe /s 
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+ os| Files are first updated to the \winnt_root\repair directory, and then you are given the oppor- 
3.1 tunity to create a new ERD. 


Using the boot disks and ERD to recover from failed boot. If you cannot recover 
Windows NT from the Last Known Good hardware profile, the next step is to boot from 
the set of three boot disks that come with the Windows NT CD-ROM or that you made 
using either Winnt.exe or Winnt32.exe. The Windows NT programs on these disks may also 
request that you provide the ERD. Insert the first boot disk and reboot. You will be prompted 
to insert disk 2, followed by disk 3.The Setup menu in Figure 13-28 is then displayed. 


Table 13-4 Files on the Emergency Repair Disk 


Description 
Setup.log A read-only, hidden system file that is used to verify the files installed on a system 
System._ A compressed file containing the HKEY_LOCAL_MACHINE\SYSTEM Registry key 
Sam._ A compressed file containing the security accounts manager 
HKEY_LOCAL_MACHINE\SAM Registry key 
Security._ A compressed file containing security information from the 
HKEY_LOCAL_MACHINE\SECURITY Registry key 
Software._ A compressed file containing software information from the 
HKEY_LOCAL_MACHINE\SOFTWARE Registry key 
Default._ A compressed copy of the Default hive of the Registry 
Config.nt The Windows NT version of CONFIG.SYS (\winnt_root\Systems32\Config.nt), 
used for creating a virtual DOS machine (NTVDM) 


Autoexec.nt | The Windows NT version of AUTOEXEC.BAT (\winnt_root\Systems32\ 
Autoexec.nt) used for creating a virtual DOS machine 


Ntuser.da_ A compressed copy of \winnt_root\profiles\defaultuser\ntuser.dat 


Windows NT Workstation Setup 


Welcome to Setup. 
The Setup program for the Microsoft(R) Windows NT(TM) OS version 4.0 
prepares Windows NT to run on your computer. 


*To learn more about Windows NT Setup before continuing, press Fl 
*To set up Windows NT now, press ENTER 

*To repair a damaged Windows NT version 4.0 installation, press R 
*To quit Setup without installing Windows NT, press F3 


Figure 13-28 Windows NT Workstation Setup menu 


Select the option to repair a damaged installation by pressing R.When you press R, the fol- 
lowing list of optional tasks is displayed: 


(X) Inspect registry files 
(X) Inspect startup environment 
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+ 0s (X) Verify Windows NT system files 
3.1 (X) Inspect boot sector 
Continue (perform selected tasks) 


Table 13-5 summarizes the purpose of each task on the Repair menu. 


Table 13-5 The purpose of each task on the repair menu 
Repair Menu Option Description 


Inspect registry files This task prompts you before you replace each registry file stored on 
the ERD. Any changes to security and SAM are lost, and they revert 
to the state they were in at system installation. Changes to software 
and system are restored to the last update made to the ERD. 


Inspect startup Inspects the Boot.ini file and edits it so that Windows NT is added as 
environment an option if it is not already present 


Verify Windows NT Identifies and offers to replace files that have been altered from the 
system files original files on the Windows NT CD-ROM. Includes verifying files 
needed to boot. 


Inspect boot sector Verifies that the boot sector on the active partition has the reference 
to Ntldr and puts it there if needed. This action can correct the prob- 
lem caused by someone using the DOS SYS command that changes 
the boot sector to reference a DOS file instead of Ntldr. 


By default, all optional tasks listed above are selected. You can choose not to perform a task 
by highlighting it and pressing Enter, which removes the selection mark, X. After you have 
selected your options, highlight Continue and press Enter. 


Files are copied from the boot disks, as needed, to repair the startup environment. Some of 
the options listed above use the ERD. You are asked if you have the disk; if you answer pos- 
itively, you will be asked to insert the disk. For example, boot sector information used to per- 
form the task “Inspect boot sector” is included in the files on the ERD. Setup asks for the 
disk and restores the boot sector from the information on the disk. 


Table 13-6 lists some error messages that might display during the boot process when criti- 
cal files are missing or corrupted. In all cases listed in the table, the solution is to boot from 
the boot disks and provide the CD-ROM or ERD when requested by the setup program. 


Table 13-6 Some Windows NT errors at startup 
Error Message Missing or Corrupted File 
BOOT: Couldn't find NTLDR. Please insert another disk. Ntldr 
NTDETECT V1.0 Checking Hardware ... NTDETECT failed Ntdetect.com 
Windows NT could not start because the following file is missing Ntoskrnl.exe 


or corrupt: \winnt_root\system32\ntoskrnl.exe. Please re-install 
a copy of the above file 


I/O Error accessing boot sector file multi(O) disk (0) rdisk Bootsect.dos 
(0) partition (1):\bootsect.dos 
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Managing Legacy Software in the Windows NT Environment 


Even though it would be convenient if all software running under Windows NT were writ- 
ten in the newer 32-bit code used by Windows 9x and Windows NT, this doesn’t always 
happen. As explained in the discussion above, Windows NT makes provisions for running 
DOS applications by creating a separate NIVDM for each application, so that each pro- 
gram can run in its native environment. Windows 16-bit applications can run in individual 
NTVDMs, or several 16-bit Windows applications can run in the same NTVDM so they 
can share resources. How to do this is discussed next. 


Customizing an NTVDM for a DOS Application 


To prepare to run a DOS application with Windows NT, first create a shortcut to the DOS 
application. For example, a quick and easy way to place a shortcut on the desktop is to use 
Explorer. From Explorer, click the name of the executable file and drag it to the desktop. A 
shortcut is immediately created. You can edit the name of the shortcut on the desktop by 
clicking inside the name area, which creates an insertion point in the text. 


Next edit the properties of the shortcut. Right-click the shortcut icon. You see a shortcut 
menu, as in Figure 13-29. Select Properties from the menu. In the Properties dialog box, 
click the Program tab. Click Windows NT to open the Windows NT PIF Settings dialog 
box (see Figure 13-30). Notice the .nt file extension on the Autoexec and Config files in the 
\winnt_root\system32 folder. From this dialog box, you can edit the names and locations of 
these files. Click OK to return to the DOS Properties sheet. 


Send To 


Cut 
Copy 


Create Shortcut 
Delete 
Rename 


Figure 13-29 Right-click a shortcut icon to see the icon's shortcut menu 


Each DOS application can have individual initialization files, but by default, they all use these 
two, AUTOEXEC.NT and CONFIG.NT. You can edit the contents of these two files and 
put any DOS command compatible with DOS 5.0 in them.These commands will be exe- 
cuted when the NTVDM is first loaded. 


To configure memory for a DOS application to run under Windows NT, click the Memory 
tab (see Figure 13-31). In most cases, you should leave the conventional memory at Auto to 
allow Windows NT to make the selection. 
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21x! 


WordPerfect for DOS Properties 


General Program | Font | Memory | Screen| Misc | 
MS P. 
[WP.EXE 


Cmd line: [c: \WP51\WP.EXE 


Working: [cwrs 
Batch file: | 


Windows NT PIF Settings 
Shortcut key: Custom MS-DOS Initialization Files 
isle Autoexec Filename: ZORSA STEM32\4UTOEXEC. NT 


Config Filename: _[%SystemPioot”\SYSTEMS2\CONFIG.NT Cancel | 


I~ Compatible Timer Hardware Emulation 


Windows NT... | Change Icon... | 


Figure 13-30 Setting the location of initialization files for a DOS application 


WordPerfect for DOS Properties BE 


General] Program| Font Memory | Screen] Mise | 


> Conventional memory 
Initial 
Total: [auto 7] environment: [auto z] 


T Protected 


Expanded (EMS) memory 
Total: [None 7] 


m Extended XMS) memory 
Total: v 
M Uses HMA 


-MS-DOS protected-mode (DPMI] memory 


Total: [auto z | 


Caoa | aeo | 


Figure 13-341 The Memory tab of the DOS Properties dialog box 


Customizing an NTVDM for 16-bit Windows Applications 


As with customizing Windows NT for DOS applications, the first step in customizing 
Windows NT for 16-bit Windows applications is to create a shortcut for the application. Then 
you can right-click the shortcut and choose Properties from the menu. You see the 
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Windows Properties dialog box. Select the Shortcut tab (see Figure 13-32).To run the appli- 
cation in its own individual NTVDM, check Run in Separate Memory Space. If you are 
running a 16-bit application from the Start menu, as in Figure 13-33, when Windows NT 
recognizes the application to be a 16-bit Windows application, it makes the check box avail- 
able so that you can choose to run the application in its own memory address space. The box 
is grayed out if the application is a 32-bit or DOS application. 


Shortcut to capture Properties BE 


General Shortcut | 


Shortcut to capture 
2] 


Target type: Application 


Target location: COLLWIN 


Target: [D:\COLLWIN\capture. exe 


I` Run in Separate Memory Space 


Start in: [pco LLWIN 
Shortcut Key: [None 


Bun: | Normal window 7] 
Find Target... | Change Icon.. | 


Caoa | toh | 


Figure 13-32 Properties dialog box for a 16-bit Windows application 


Run BEI 


Type the name of a program, folder, or document, and 
Windows will open it for you. 


Figure 13-33 Windows NT allows a 16-bit application to run in a separate memory space 


Why Applications Might Not Work with Windows NT 
The following is a list of reasons that applications might not work with Windows NT: 


a DOS applications that try to access hardware directly are shut down by 
Windows NT. 


a A 16-bit Windows application that uses virtual device drivers (VxD) will fail 
because the virtual device drivers attempt to access hardware directly. 
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a A 32-bit application that was developed on a different hardware platform than the 
current PC might not run under Windows NT. 


m Some OS/2 applications are not compatible with Windows NT. 


THE WINDOWS NT REGISTRY 


The Windows NT Registry is a hierarchical database containing all the hardware, software, 
device drivers, network protocols, and user configuration information needed by the OS and 
applications. Many components depend on the registry for information about hardware, soft- 
ware, users, security, and much more. The Windows NT Registry provides a secure and sta- 
ble location for configuration information about these entities. Table 13-7 lists ways in which 


some components use the registry. 


The registry is a hierarchical database that follows an upside-down tree structure similar to 
that used by folders and subfolders. In the next section, you will look at how the registry is 
organized, how to view the contents of the registry, how to back up and recover the registry, 
and how Windows NT makes changes to the registry. 


How the Registry is Organized 


When studying how the registry is organized, keep in mind that there are two ways to look 
at this organization, the physical organization and the logical organization. 


Table 13-7 Components that use the Windows NT Registry 


Component 


Setup programs for devices and 
applications 


Description 


Setup programs can record configuration information 
in the Registry and query the Registry for information 
needed to install drivers and applications. 


User profiles that are maintained 
and used by the OS 


Windows NT maintains a profile for each user that 
determines the user's environment. User profiles are kept 
in files, but, when a user logs on, the profile information is 
written to the Registry, where changes are recorded, and 
then later written back to the user profile file. The OS uses 
this profile to control user settings and other configuration 


information specific to this user. 


When Ntldr is loading the OS 


During the boot process, Ntdetect.com surveys present 
hardware devices and records that information in the 
Registry. Ntldr loads and initializes device drivers using 
information from the Registry, including the order in which 
to load them. 


Device drivers 


Device drivers both read and write configuration informa- 

tion from and to the Registry each time they load. The dri- 
vers read hardware configuration information from and to 

the Registry to determine the proper way to load. 


The Windows NT Registry 715 


Table 13-7 Components that use the Windows NT Registry (continued) 
Component Description 


Hardware profiles Windows NT can maintain more than one set of hardware 
configuration information (called a hardware profile) for 
one PC. The data is kept in the Registry. An example of a 
PC that has more than one hardware profile is a PC that is 
also a docking station. Two hardware profiles describe the 
PC, one docked and the other undocked. This information 
is kept in the Registry. 


Application programs Many application programs read the Registry for informa- 
tion about the location of files the program uses and vari- 
ous other parameters that are stored in .ini files under 
Windows 3.x and Windows 9x. 


Logical Organization of the Registry 


Logically, the organization of the Registry looks like a tree with five branches, called keys or 
subtrees (see Figure 13-34), which are categories of information stored in the registry. Each 
key is made up of several subkeys that may also have subkeys under them. Subkeys lead to 
values. Each value has a name and data assigned to it. Data in the registry is always stored in 
values, the lowest level of the tree. 


Windows NT Registry Tree 
HKEY_CURRENT_| | HKEY_USERS | | HKEY_LOCAL_ | |HKEY_CURRENT_| | HKEY_CLASSES_ lg. Key or subtree 
USER MACHINE CONFIG ROOT 1 3 


Subkey Subkey Subkey 
Value Subkey Value 
Value Value Value 


Figure 13-34 The Windows NT Registry is logically organized in an upside-down tree 
structure of keys, subkeys, and values 


Figure 13-35 shows the Windows NT Registry Editor, the window you see when you first 
open the editor: the subtree level has five cascading windows, one for each subtree. The first 
window in the figure shows the HKEY_CURRENT_USER subtree and a list of the subkeys 
in this subtree. Notice in the figure that some subkeys have plus (+) signs in the icon. A + sign 
indicates that this subkey has subkeys under it. Later in the chapter you will see how to move 
down these subkeys to the lowest level of the tree, where the values are stored. 
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E3 Registry Editor 
Registy Edit Tree View Security Options Window Help 
x] HKEY_USERS on Local Machine 


E HKEY CURRENT. USER 


Software 
E UNICODE Program Groups 


Figure 13-35 The five subtrees of the Windows NT Registry 


Physical Organization of the Registry 


The physical organization of the registry is quite different from the logical organization. 
Physically, the registry is stored in five files called hives. There is not a one-to-one relationship 
between the subtrees and these five files, even though there are five of each. Figure 13-36 shows 
the way the subtrees are stored in hives, summarized as follows: 


a HKEY_LOCAL_MACHINE consists of four hives, the SAM hive, the Security 
hive, the Software hive, and the System hive. 


mw HKEY_CURRENT_CONFIG data is kept in portions of two hives, the 
Software hive and the System hive. 


a HKEY_CLASSES_ROOT data is kept in a portion of the Software hive. 
a HKEY_USERS data is kept in the Default hive. 
a HKEY_CURRENT_USER data is kept in a portion of the Default hive. 


From Figure 13-36, you can also see that physically, some subtrees use data that is contained in 
other subtrees. For instance, the HKEY_ CURRENT_USER data is a subset of the data in the 
HKEY_USERS subtree. HKEY_CURRENT_CONFIG and HKEY_CLASSES_ ROOT 
subtrees use data that is contained in the HKEY_ LOCAL MACHINE subtree. However, 
don’t let this physical relationship cloud your view of the logical relationship among these sub- 
trees. Even though data is shared among the different subtrees, logically speaking, none of the 
five subtrees is considered subordinate to any other. 
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HKEY_LOCAL_MACHINE 


SAM hive Security hive 


HKEY_CURRENT_CONFIG 


HKEY_CLASSES_ROOT 


Software hive System hive 


HKEY_USERS 
Default hive 


HKEY_CURRENT_USER 


Figure 13-36 The relationship between Registry subtrees (keys) and hives 


The Registry hives are stored in the \winnt_root\system32\config folder as a group of files 
(see Figure 13-37). In a physical sense, each hive is a file. Each hive is backed up with a log 
file and a backup file, which are stored in the \winnt_root\system32\config folder. 


In addition, registry information about each user who has ever logged on to this worksta- 
tion is permanently stored in a file named Ntuser.dat located in the \winnt_root\profiles 
folder. The ..\profiles subfolder has the same name as the username. For example, for the 
username JEAN, the path and name to the file is: 


C:\WINNT\Profiles\JEAN\Ntuser.dat 


The information in this file is the same as that temporarily kept in the HKEY_CUR- 
RENT_USER subtree while the user is logged on. 


A Closer Look at Subkeys and Values 


Now let’s go back to the logical organization of the registry. The five subtrees of the registry, 
displayed in Figure 13-35, are listed in Table 13-8 together with their primary functions. As 
you can notice from the table, the HKEY_LOCAL_MACHINE subtree is the supporting 
mainstay key of the registry. 
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| Exploring - D:\WINNT\system32\config 
File Edit View Tools Help 
|All Folders | Contents of 'D:\WINNT \system32\confia’ 
Flea) Winnt 
£ Config 1KB Text Document 
C Cursors [3] default 64KB SAV File 
L Fonts [a] Sam 20KB File 
a Help È) Sam 1KB Text Document 
aino [a] SecEvent.Evt 64KB EVT File 
a ag ia Security 28KB File 
-E Profiles Ë) Security 1KB Text Document 
Gia repair ia software 640KB File 
C ShelNew È) Software 1KB Text Document 
Ga system [3] software 316KB SAV File 
=] system32 i] SysEvent.Evt 64KB EVT File 
Ay [a] system 1A60KB File 
C dhcp [a] System. alt 1.160KB ALT File 
+- drivers [3] system 188KB SAV File 
H-E os2 [a] userciiff 76KB File 
0 ras 
H-I Reol a) p 
[17 object(s) (3.84MB [Disk free space: 248MB] 


Figure 13-37 The registry is stored in the \winnt_root\system32\config folder 


Table 13-8 The five subtrees of the Windows NT Registry 
Subtree (Main Keys) Primary Function 


HKEY_CURRENT_USER Contains information about the currently logged-on user. 
Similar information about each user who has ever logged on 
to this workstation is also kept in a file called Ntuser.dat in a 
folder with the same name as the username. 
HKEY_CLASSES_ROOT Contains information about software and the way software 
is configured. This key points to data stored in 
HKEY_LOCAL_MACHINE. 

HKEY_CURRENT_CONFIG Contains information about the active hardware configura- 
tion, which is extracted from the data stored in the 
HKEY_LOCAL_MACHINE subkeys called SOFTWARE and 
SYSTEM. 

HKEY_USERS Contains only two subkeys: information used to build the 
logon screen and the ID of the currently logged-on user. 
HKEY_LOCAL_MACHINE This key contains all configuration data about the computer, 
including information about device drivers and devices used 
at startup. The information in this key does not change 
when different users are logged on. 


At os || Windows NT offers two Registry Editors, each with a slightly different look and feel, 
Pe although they both accomplish the same thing. They are: 
m Regedt32.exe located in the \winnt_root\system32 folder, which shows each key 
in a separate window (recommended by Microsoft) 
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m Regedit.exe located in the \winnt_root folder, which shows all keys in the same 
window and has a look and feel similar to Explorer 


In the example below, we use Regedt32.exe to view the Registry to get a close look at reg- 
istry values. Even though the Registry Editors allow you to make changes to the registry, this 
should only be done as a last resort, and usually only when you are instructed to do so by a 
network administrator or Microsoft technical support. Never make changes to the Registry 
without first creating a current ERD. 


Figure 13-38 shows a view of the registry using Regedt32.exe all the way down to the value 
level. Double-click the filename in Explorer or use this command from the Start, Run dia- 
log box to access the Registry Editor. 


\winnt_root\System32\regedt32.exe 


Subkey 


TS Registry Editor - [HKEY_LOCAL_KIACHINE on Local Machine] 
i Registry Edit Tree View Security Options Window Help -(8| x) 
(©) HKEY_LOCAL_MACHINE Component Information : REG_BINARY : 00 00 00 00 00 00 00 00 


© HARDWARE Configuration Data : REG_FULL_RESOURCE_DESCRIPTOR: 
© DESCRIPTION Identifier: REG_SZ : AT/AT COMPATIBLE 
SystemBiosDate : REG_SZ : 11/22/96 
DEVICEMAP SystemBiosVersion : REG_MULTI_S2Z : Award Modular BIOS v4 
RESOURCEMAP VideoBiosDate : REG_SZ : 08/02/96 


SAM VideoBiosVersiong REG_MULTI_S2Z)33 860325 Video BIOS. \ 
@ SECURITY ee 

SOFTWARE 
SYSTEM 


Name of value 


Data type 
Value (data) 


Figure 13-38 Registry Editor showing subkeys and values 


When you don’t plan to make changes to the registry, set the editor to read-only mode to 
avoid making changes unintentionally. For example, follow these directions to view the 
HKEY_LOCAL_MACHINE portion of the registry as read-only. 


1. Select the Options menu and check Read Only Mode to avoid making 
changes unintentionally. 


2. Reduce to icons all subtree windows except HKEY_LOCAL_MACHINE. 


3. Maximize the HKEY_LOCAL_MACHINE window. The 
HKEY_LOCAL_ MACHINE key has five subkeys. The hardware subkey is the 
only one that does not relate to a hive. This key is built each time Windows NT 
is loaded, from information gathered during the boot. (As you work with the 
Registry Editor, double-click a yellow folder on the left side of the screen to 
expand the folder, and double-click it again to reduce it. ) 


4. Double-click Hardware, then Description, then System. Figure 13-38 shows 
the results of this action; you can now see values within the system subkey on the 
right side of the Registry Editor screen. Each entry of a value includes a name, a 
data type, and the value itself, which is sometimes called the configuration 
parameter. The value name is listed first, followed by the data type of the value, 
followed by the value itself. 


720 Chapter 13 Understanding and Supporting Windows NT Workstation 


5. If you need to edit a value, you can do so by double-clicking the value to open 
the edit box. You can make changes and click OK to record the changes. Because 
you are in read-only mode, if you double-click a value now, a warning will be 
displayed saying that your changes will not be saved. 


6. Exit the editor by clicking on the Registry menu and choosing Exit. 


Backing Up the Registry 


Before editing the registry directly using Regedt32.exe or changing it by installing hardware 
or software, make a backup of the registry. To back up the registry, use Rdisk.exe (discussed 
earlier in the chapter) to create an ERD, which also makes a copy of the Registry files to the 
\winnt_root\repair folder. After you have confirmed that your changes to the registry are func- 
tioning correctly, once again make a new ERD so that your registry backup is up to date. 


INSTALLING SOFTWARE AND HARDWARE 


Hardware and software are installed using the Windows NT Control Panel, which looks like, 
and works in a similar way to, that of Windows 9x (see Figure 13-24). As both are done, 
changes are made to the Registry. We next look at examples of each. 


Installing Software 


Software is installed from the Control Panel using the Add/Remove Programs icon. 
Installation works very much the same way as under Windows 9x. Access the Control Panel 
by clicking Start, pointing to Settings, and clicking Control Panel. From the Control 
Panel, double-click the Add/Remove Programs icon. The Add/Remove Programs 
Properties dialog box opens. Any software that installs with a Setup.exe or Install.exe pro- 
gram can be installed using this dialog box. Click Install, and the dialog box requests the 
location of the setup program. 


To add new components to Windows NT that were not installed when Windows NT was 
originally installed, click the Windows NT Setup tab of the Add/Remove Programs 
Properties dialog box. You see a list of all of the Windows NT components. From this list, you 
can select to install new components or to uninstall components that are already installed. 


Installing Hardware Devices 


Windows NT builds its list of available hardware devices each time it is booted. This list is 
not permanently kept in the registry. However, when a new hardware device is installed, 
device driver information is kept in the registry. New hardware devices are installed from the 
Control Panel. The steps below describe the installation of a sound card, because this instal- 
lation is typical of many hardware devices. 


1. To install a sound card, access the Control Panel and double-click the 
Multimedia icon. The Multimedia Properties dialog box is displayed. 


2. Click the Devices tab to see a list of multimedia devices. 
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3. Select Audio Devices and click the Add button. The Add dialog box opens. You 
can either select a device driver from the list or click Unlisted or Updated 
Driver to install your own device driver from disk or CD-ROM. 


4. If you choose to install your own driver, click Unlisted or Updated Driver 
and click OK. The Install Driver dialog box is displayed, asking for the location 
of the driver. As the example shown in Figure 13-39 shows, the vendor-provided 
driver is selected. Several versions of the driver (for each of the OSs supported) 
are located in directories on the CD-ROM that comes with the sound card. 


Multimedia Properties _2|x| 


Audo | Video | MIDI | CDMusic Devices | 


Multimedia devices: 


ity Mixer Devices 
@) Line Input Devices 
EP Media Control Devices 
gee) Video Compression Cc 
44] Audio Compression Cc 
‘gy Video Capture Device 
& Joystick Devices 


(MCI) CD Audio 
(MC!) Microsoft Video for Windows 


Cinepak Codec by Radius Inc. 
Compaq Business Audio 
Creative Labs Sound Blaster 1.x, Pro, 16 


DSP Groun Luatnanabi Thi] Audie CONES 


IMA ADPC Install Driver x| 
indieo cod | Tiina the deleuahi E 
nsert the dis! unlisted, u 3 

or vendor-provided driver in: 

Cancel | 

Browse... | 

Help | 


Figure 13-39 When installing a device driver, you can use a driver provided by 
Windows NT or one from the device vendor 


5. In the example CD, the location for the driver is E:\nt\. Enter the path and click 
OK to continue the installation. If Windows NT already has the driver you are 
installing, the OS gives you the choice to use the driver provided by the vendor 
or the Windows NT driver. 


6. The driver is copied to the hard drive, and then the hardware setup dialog box is 
displayed, as seen in Figure 13-40. The suggested I/O address, IRQ, and DMA 
channel are selected, but you can change these values if you are aware of a conflict. 
Otherwise, leave the values as suggested and click OK to complete the installation. 


7. The Windows NT Registry is then updated, and you are asked to restart the PC 
so the changes to the registry can take effect. 


8. Install the CD Player component of Windows NT to use the new sound card. As 
with many devices, software is necessary to use the sound card. The next step is 
to double-click the Add/Remove Programs icon of the Control Panel and install 
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the CD Player component of Windows NT in order to use the sound card to 
play audio CDs. This installation window works just as with Windows 9x. 


YAMAHA OPL3-SA Series Driver 


OPL3SA3 hardware setup 
m Hardware Configuration 
— Wave —— -MPU401 


WO Address: [530n >] | | T- Enable MPU401 
IRQ: [s E| VO Address: E 30h z| 
ppm Eo 
IRQ: |° z 


F Use Dual DMA 


HEr Record 
C DROO CRAN 
© DRAI C DRAI 


C DRQ3 © DROZ 


Cancel | About | 


Figure 13-40 Windows NT suggests a hardware setup for the new device 


This example is typical of many hardware installations. The Control Panel was used to install 
the device driver, and you saw how Windows NT suggests the hardware setup resources to 
use. Next time the PC boots, the registry communicates to the Ntldr program to load the 
sound card device driver. As the driver loads, it looks to the registry for the list of resources 
that it will use. 


The software to use the CD player is also installed from the Control Panel. This information 
is now kept in the registry to be used each time the OS loads. The OS uses this registry infor- 
mation to provide the CD Player option under Start, Accessories, Multimedia. 


Winbows NT DiacnosTtTic TOOLS 


Windows NT provides several diagnostic tools to help support users, the OS, and applica- 
tions, and to help with troubleshooting. Three tools are discussed below: the Task Manager, 
the Event Viewer, and Windows NT Diagnostics. 


The Task Manager 


The Task Manager is a tool that was first introduced with Windows NT 4.0 and is included 
with Windows 98 and Windows 2000. It allows you to monitor processes and applications run- 
ning on the PC, and to start and stop them. It also displays performance measurements, includ- 
ing processor time, main memory and virtual memory size, and number of threads, to help in 
diagnosing problems with poor performance. There are three ways to access Task Manager: 


Windows NT Diagnostic Tools 723 


right-click the taskbar and select Task Manager from the shortcut menu, press CTRL,ALT and 
DEL and select Task Manager from the Security window, or press CTRL, SHIFT and 
ESCAPE. Either way, the utility Taskman.exe is executed. Click the Applications tab to dis- 
play a list of applications currently running. For instance, in Figure 13-41, three applications are 
running. This window is actively monitoring all tasks as they are started and stopped by other 
means than the Task Manager. However, you can end a task, switch from one task to another, 
and start a new task from this tab as well. 


E Windows NT Task Manager |. {OF x] 
File Options View Windows Help 


Applications | Processes | Performance | 


2112] 00:08 - CD Player Running 
ie Minesweeper Running 
Ey} MyFile - Notepad Running 


End Task | Switch To | New Task... | 


|Processes: 19 [CPU Usage: 2% [Mem Usage: 23908K /67836K 4 


Figure 13-41 The Task Manager lists applications currently running 


Click the Processes tab to see a list of current processes (see Figure 13-42). In the figure, 
two programs are subordinate to the Ntvdm.exe process, which provides a NIVDM. 
Capture.exe is a 16-bit, Windows 3.x application that requires a WOW to run in an 
NTVDM. Wowexec.exe provides the WOW. 


From this tab, you can monitor CPU time and memory used by processes, end processes 
by clicking on End Process, and see, in a visual format, how some programs are related to 
others within a process. 


Click the Performance tab to see a graphical representation of how system resources are 
being used. CPU usage and memory usage are graphed, and other statistics are displayed at 
the bottom of the sheet. In Figure 13-43, the sudden jump in CPU usage shown in the 
graph was caused when a print job with graphics (this screen capture) was sent to the 
printer. Use the Task Manager to end applications that have locked up, to monitor processes 
and applications that are draining computer resources, and to search for potential problems 
with memory and the CPU. 
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£3 Windows NT Task Manager | - |O} x] 
File Options View Help 
Applications į F fOCESSES | Performance | 
|_Image Name | PID] CPU CPU Time | Mem Usage | | 
smss. exe 18 00 0:00:00 120K 
CS1SS.exe 30 00 0:00:02 492K 
winlogon.exe 32 00 0:00:03 280K 
services.exe 38 00 0:00:03 2508 K 
lsass.exe 4 00 0:00:00 528K 
SysTray.Exe 56 00 0:00:00 584K 
spoolss.exe 65 00 0:00:00 120K 
ntydm.exe 73 00 0:00:00 1004K 
capture.exe oo 0:00:23 
WOWEXEC. exe 00 0:00:00 
RpcSs.exe 80 00 0:00:00 200K 
tapisry.exe 85 00 0:00:00 120K 
rasman.exe 99 00 0:00:00 580K 
Explorer.exe 108 0 0:00:46 4556 K 
nddeagnt. exe 122 00 0:00:00 580K 
winmine.exe 132 00 0:00:00 100K 
notepad.exe 143 00 0:00:00 52K 
taskmgr.exe 149 02 0:00:04 1620K 
cdplayer.exe 156 00 0:00:00 1332K ¥ 
End Process | 
(Processes: 19 [CPU Usage: 4% [Mem Usage: 23912K /67836K ⁄ 


Figure 13-42 The Task Manager tracks current processes and how they are using system 
resources 


£3 Windows NT Task Manager -ioj x] 
File Options View Help 


Applications | Processes 


CPU Usage— > r CPU Usage History 


MEM Usage r Memory Usage History 


2393K 
oas = T Physical Memory [K) 
Handles 1320, Total 32184 
Threads 120, | Available 11372 
Processes 19| | File Cache 6416 
Commit Charge (KJ) r Kernel Memory [K) 
Total 23932| | Total 5096 
Limit 67836 | Paged 4140 
Peak 24828) | Nonpaged 956 


[Processes: 19 [CPU Usage: 6% [Mem Usage: 23932K /67836K /⁄ 


Figure 13-43 The Task Manager monitors system performance 
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Another diagnostic tool in the Administrative Tools group that measures component 

and application performance is Performance Monitor. It can track percent processor 
time indicating how busy the CPU is, interrupts/second indicating performance of 
hardware devices, and processor queue length indicating CPU performance. 


The Event Viewer 


Ae osl One of the most important uses of the Event Viewer is to view a log that Windows NT cre- 
3.1) ated because of a failed event. Most information can be found here to help resolve the failed 
event. Access the Event Viewer by clicking Start, pointing to Programs, Administrative 
Tools, and clicking Event Viewer in the menu list. The Event Viewer tracks events as they 
are performed by the applications, the OS, services, or processes, and by user actions. When an 
attempted action causes a problem, this event, as well as significant successful events, is recorded 
in the Event Viewer. In Figure 13-44, a failed event is indicated by a stop sign in front of the 
event line; the eighth event in the log failed. Near the bottom of the list, a possible future prob- 
lem with an event is indicated by an exclamation point. Events are marked with the letter “1” 
to indicate that the event completed successfully. To see the details of an event, double-click 
the event line in the log. For example, to see a description of the problem for the event that 
failed, double-click that line. The details for the failed event of Figure 13-44 are shown in 
Figure 13-45. Using the log Menu in the Event viewer window, you can save the log to a log 
file, open a previously-saved log file, and clear all events from the current log. (Windows 2000 
uses the action menu for these same functions.). 


Date Time Source Category Event 
: eres ened i ct al: 
EventLog 
EventLag 
EventLog 
RemoteAccess 
RemoteAccess . 
RemoteAccess stop Sien 
12:51:44 PM RemoteAccess indicates a 
12:50:45 PM RemateAccess failed event 
12:50:02 PM Rdr 
12:38:50 PM RemoteAccess 
12:27:15 PM RemoteAccess 
12:27:15 PM RemoteAccess 
12:18:59 PM Rdr 
12:18:19 PM 
00-33 Phd 


Figure 13-44 The Event Viewer tracks failed events and many successful ones 
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Event Detail Eg 
Date: 11/8/97 EventID: 20016 
Time: 12:51:44 PM Source; RemoteAccess 
User: NAA Type: Error 
Computer: MYRTLETREE1 Category: None 
Description: 


The user jean has connected and failed to authenticate on port COM1. + 
The line has been disconnected. 


Data: ©) Bytes (©) Wards 


Brevious | Next | Help | 


Figure 13-45 The details of a failed event 


Windows NT Diagnostic 


The Windows NT Diagnostic utility is a graphical view of the Windows NT Registry show- 
ing hardware and OS data, which can be used to resolve conflicts, diagnose failed hardware, 
view information about drivers and services that are loaded, and much more. The utility is 
located in the Administrative Tools group. Click on Start, point to Programs, 
Administrative Tools, and click Windows NT Diagnostics. Information cannot be 
updated using this utility, but it is a convenient way to view the information. For example, 
click the Resources tab to see a list of different resources. By using the buttons at the bot- 
tom of this sheet, you can see a list of IRQs (see Figure 13-46), I/O ports, DMA channels, 
memory, and devices in use. Browsing through the Windows NT Diagnostic tabs allows you 


to see a thorough overview of the hardware and OS configurations. 
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£ Windows NT Diagnostics - \\WMYRTLETREE1 BEI 
File Help 
Version | System | Display | Drives | Memory | 
Services Resources | Environment | Network | 


Include HAL resources [— 


01 i8042prt 0 Isa 
03 Sermouse 0 Isa 
04 Serial 0 Isa 
05 opl3sa 0 Isa 
06 Floppy 0 Isa 
10 Sparrow 0 Isa 
14 atapi 0 Isa 
15 atapi 0 Isa 


| IRQ 1/0 Port | DMA | Memory | Devices | 


Properties | Refresh | Print I ox] 


Figure 13-46 The Windows NT Diagnostics utility shows information from the registry 


CHAPTER SUMMARY 


3 Windows NT comes in two versions, Windows NT Workstation and 
Windows NT Server. 


a Both versions can operate on standalone PCs or on a network, but Windows NT 
Server can also operate as a controller in a network domain. 


o The next evolution of Windows NT after Version 4 is Windows 2000. 


o Windows NT does not claim to be fully backward-compatible with legacy hardware 
and software, as does Windows 9x. 


a Windows NT requires at least a 486DX Intel-based CPU, 12 MB of RAM, and 
120 MB of hard drive space. 


o Windows NT is written for different CPU technologies. The installation information 
for three different CPU types is contained on the CD-ROM. 


o The hardware compatibility list (HCL) is maintained by Microsoft and is a list of 
devices that, according to Microsoft, are compatible with Windows NT. 


a Windows NT and Windows 9x have a similar desktop; many functions look and act the 
same way. 


a Windows NT can operate using two different file systems: FAT16 and NTFS. NTFS 
offers more security and power than does FAT 16, but FAT 16 is backward-compatible 
with older OSs. 
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A PC can be configured to dual boot between Windows NT and either DOS or 
Windows 9x. 


Windows NT works on different platforms and with different software because of its 
modular approach to interfacing with both. 


The two architectural modes of Windows NT are user mode and kernel mode. Kernel 
mode is further divided into two components: executive services and the hardware 
abstraction layer (HAL). 


A process is a unique instance of a program running together with the program 
resources and other programs it may use. 


An NTVDM provides a DOS-lke environment for DOS and Windows 3.x applications. 
Windows 3.x 16-bit applications run in a WOW. 


A workgroup is a group of computers and users sharing resources. Each computer 
maintains a list of users and their rights on that particular PC. 


A domain is a group of computers and users that is managed by a centralized control- 
ling database on a computer called the primary domain controller (PDC). 


Of all Windows NT accounts, the administrator account has the most privileges and 
rights and can create new user accounts and assign them rights. 


The NT Hardware Qualifier is on the Windows NT CD-ROM and can be used to 
survey the hardware devices on a PC to determine if they qualify to run under the 
Windows NT OS. 


Four disks are important to recover from a failed Windows NT boot. Three disks are 
required to boot Windows NT, and an emergency repair disk (ERD) can be prepared 
to recover critical system files on the hard drive. 


The Windows NT Registry is a database containing all the hardware, software, and user 
configuration information on the PC. The Registry is stored in five files called hives. 


Windows NT makes most changes to the Registry when you change the system con- 
figuration from the Control Panel. 


Three diagnostic utilities included with Windows NT are the Event Viewer, 
Windows NT Diagnostics, and the Task Manager. 


KEY TERMS 


32-bit flat memory mode — A protected processing mode used by Windows NT to 


process programs written in 32-bit code early in the boot process. NT is a full 32-bit OS. 


Administrator account — An account that grants to the administrator(s) rights and per- 


missions to all hardware and software resources, such as the right to add, delete, and 
change accounts and to change hardware configurations. 


API (application program interface) — A method used by an application program to 


call another program to perform a utility task. 
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Backup domain controller (BDC) — A computer on a network that holds a read- 
only copy of the SAM (security accounts manager) database. 

Boot loader menu — A startup menu that gives the user the choice between 
Windows NT Workstation Version 4.0 and another OS, such as Windows 98. 

Boot partition — The hard drive partition where the Windows NT OS is stored. The 
system partition and the boot partition may be different partitions. 

Configuration parameter — Another name for the value names and values of the 
Registry; information in the Windows NT Registry. 

Domain — A logical group of networked computers, such as those on a college campus, 
that share a centralized directory database of user account information and security for 
the entire domain. 

Dual boot — The ability to boot using either of two different OSs, such as Windows NT 
and Windows 98. Note that programs cannot be easily shared between Windows NT 
and the other OS. 

Environment subsystems — A user-mode process in which a subsystem runs an applica- 
tion in its own private memory address space as a virtual machine. (Compare to integral 
subsystems.) 

Event Viewer — A utility that tracks and logs events as they are performed by the appli- 
cations, processes, or user actions. Accessed by clicking Start, Programs, Administrative 
Tools, and then selecting Event Viewer. 

Executive services — In Windows NT, a subsystem running in kernel mode that inter- 
faces between the user mode and HAL. 

Fatal system error — An error that prevents Windows NT from loading. An example is 
a damaged Registry. 

File system — The overall structure that an OS uses to name, store, and organize files on 
a disk. Examples of files systems are FAT16, FAT32, and NTFS. 

Hardware abstraction layer (HAL) — The low-level part of Windows NT, written 
specifically for each CPU technology, so that only the HAL must change when plat- 
form components change. 

Hardware compatibility list (HCL) — The list of all computers and peripheral devices 
that have been tested and are officially supported by Windows NT (see www. 
microsoft.com/hcl). 

Hardware profiles — Configuration information about memory, CPU, and OS, for a 
PC. A PC may have more than one profile. For example, a docking station PC may 
have two profiles, one with and one without the notebook PC docked. 

Hive — A physical segment of the Windows NT Registry that is stored in a file. 

Integral subsystems — Processes used to provide services to the rest of the system and 
the applications the system supports. (Compare to environment subsystems.) 

Kernel mode — A Windows NT “privileged” processing mode that has access to hard- 
ware components. 

Minifile system — A simplified file system that is started so that Ntldr (NT Loader) can 
read files from either a FAT16 or an NTFS file system. 
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Multithreading — The ability to pass more than one function (thread) to the OS kernel at 
the same time, such as when one thread is performing a print job while another reads a file. 

NT Hardware Qualifier (NTHQ) — A utility found on the NT installation CD-ROM 
that examines your system to determine if all hardware present qualifies for NT. 

Ntldr (NT Loader) — Ntldr is the OS loader used on Intel systems. 

NT virtual DOS machine (NTVDM) — An emulated environment in which a 16-bit 
DOS application or a Windows 3.x application resides within Windows NT with its 
own memory space or WOW (Win 16 application on a Win 32 platform). (See WOW.) 

Portable Operating System Interface (POSIX) — A set of standards adopted to 
allow operating systems (such as UNIX and NT) and their applications to port from 
one platform to another. 

Primary domain controller (PDC) — The computer that controls the directory data- 
base of user accounts, group accounts, and computer accounts on a domain. 

Process — An executing instance of a program together with the program resources. There 
can be more than one process running for a program at the same time. One process for a 
program happens each time the program is loaded into memory or executed. 

Roaming users — Users who can move from PC to PC within a network, with their 
profiles following them. 

SAM (security accounts manager) — A portion of the Windows NT Registry that 
manages the account database that contains accounts, policies, and other pertinent infor- 
mation about the domain. 

Subtree — One of five main keys that make up the Windows NT Registry. Examples are 
HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. 

System partition — The active partition of the hard drive containing the boot record 
and the specific files required to load Windows NT. 

Thread — A single task that is part of a larger task or program. 

User account — The information, stored in the SAM database, that defines an NT user, 
including username, password, memberships, and rights. 

User mode — Provides an interface between an application and an OS, and only has 
access to hardware resources through the code running in kernel mode. 

User profile — A personal profile about the user, kept in the NT Registry, which enables 
the user’s desktop settings and other operating parameters to be retained from one ses- 
sion to another. 

Windows NT file system (NTFS) — A file system first introduced with Windows NT 
that provides improved security, disk storage, file compression, and long filenames. 

Windows NT Registry — A database containing all configuration information, includ- 
ing the user profile and hardware settings. The NT Registry is not compatible with the 
Windows 9x Registry. 

Workgroup — A logical group of computers and users in which administration, 
resources, and security are distributed throughout the network, without centralized 
management or security. 

WOW (Win 16 on Win 32) — A group of programs provided by Windows NT to create 
a virtual DOS environment that emulates a 16-bit Windows environment, protecting the 
rest of the NT OS from 16-bit applications. 
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REVIEW QUESTIONS 


an BO Ne 


. What are the two versions of Windows NT 4.0? 

. Which OS is more backward-compatible, Windows 98 or Windows NT? 
. Why can’t a 16-bit device driver work under Windows NT? 

. What layer of Windows NT is responsible for interacting with hardware? 


. What is one reason that interaction with hardware is limited to only one layer of 


the OS? 


. Before you install Windows NT, how can you determine if all the hardware on your 


PC is supported by the OS? 


7. What is one reason not to upgrade from Windows 98 to Windows NT? 


8. What is one reason to upgrade from Windows 98 to Windows NT? 


9. What two file systems are supported by Windows NT? 


10. 


11. 


12. 


13. 


14. 
15. 


16. 


17. 


18. 


19. 
20. 
21. 
22. 
23. 


24. 


If you have Windows 98 installed on a PC using FAT32 and you are creating a dual 
boot with Windows NT, what must you do first? 


If you are upgrading a PC from Windows 98 with FAT32 to Windows NT, how will 
having FAT32 on the hard drive change the results of the upgrade, as opposed to an 
installation that begins with FAT 16? 


Which is more likely to hang, or lock up, Windows NT or Windows 98? 


How many bits are used to store a cluster number in the Windows NT NTFS 
file system? 


What is the file system that is common to DOS, Windows 9x, and Windows NT? 


What file system cannot be read by DOS or Windows 9x, but can be used by 
Windows NT? 


Which file system can be read by some versions of Windows 9x, but not DOS or 
Windows NT? 


Windows NT is installed using a system partition and a boot partition. Which of these 
partitions must be the active partition of the hard drive? 


Which part of the Windows NT architecture makes it possible for Windows NT to 
port to more than one platform? 


What are the two core components, or modes, of the Windows NT architecture? 
Which of these two modes contains the NTVDM? 

Why do 32-bit applications not need to reside in an NTVDM? 

What is one function of a backup domain controller in a Windows NT domain? 


In a Windows NT workgroup, where is access to an individual workstation on the 
network controlled? 


In a Windows NT domain, where is access to an individual workstation on the net- 
work controlled? 
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25. If you are working from home and want to log on to a Windows NT network at 
your workplace, how do you get access to the network? 


26. What is the first Windows NT program that is loaded and run when Windows NT 
is booted? 


27. How many floppy disks are needed in order to boot Windows NT from disk? 
28. What is the command to back up the Windows NT Registry to disk? 


29. Of the five subtrees of the Windows NT Registry, which one is most important in 
retaining information about hardware? 


30. Which subtrees contain information in the software hive? 


31. In what folder is information stored by each user who logs on to the Windows NT 
workstation? 


32. What Windows NT utility do you use to look for information about a failed event? 


33. What Windows NT utility do you use to help solve problems with system resource 
conflicts? 


34. A software developer comes to you with a problem. She has been asked to convert 
software that she has written for Windows 9x to Windows NT. The software consists 
of two 16-bit programs that work equally well under Windows 3.x and Windows 9x. 
She was able to convert one of the programs to a 32-bit version, but had to leave the 
other program in 16-bit code. Both programs run at the same time and share data in 
memory. However, when she runs the two programs under Windows NT, the 32-bit 
program cannot read data written to memory by the 16-bit program. Why not? What 
should she do so that the two programs can work under Windows NT? 


PROJECTS 


"i Using the Control Panel 


an 1. Shut down and restart Windows NT and observe the number of seconds that the 
boot loader program waits until Windows NT is loaded. Key in the number of sec- 
onds to wait so that the number of seconds is doubled. Verify that the change is made, 
by rebooting. When you have verified the change, return the number of seconds to 
the original value. 


2. Check under the Accessories and Games sections of Windows NT and install a new 
game or accessory. Verify that the program is installed. 


3. Change the colors in the Display Properties box and verify the changes. 


y Troubleshooting the Boot Process 


"e | Prepare a copy of the three Windows NT setup disks and an emergency repair disk, and then 
reproduce one of the errors listed in Table 13-6. Use the disks to recover from the error. 
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Editing the Windows NT Registry 


Be sure you have an updated copy of the three boot disks and the Emergency Repair Disk 
before editing the registry. Insert a CD-ROM that has autorun and verify that autorun is 
working. Then make a change to the registry to disable autorun from a CD-ROM by edit- 
ing this subkey: 


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CdRom\Autorun = 0 


Use the Internet for Problem Solving 


Access the www.microsoft.com web site for Windows NT Workstation support. Print one 
example of a frequently asked question and its answer. 


Using the Windows NT Diagnostic Utility 


1. Using Windows NT Diagnostics, print out information about memory for your PC. 
2. List the IRQs currently not used by your system. 
3. List the DMA channels that are currently being used, and explain how each is used. 


Windows NT and 16-bit Applications 


Try running a DOS utility such as MSD or SANDRA (from Chapter 1) under Windows 
NT. What error message do you get? Why? 


Using the Internet for Research 


You want to install Windows NT on a PC using a dual boot with Windows 98. The 
Windows 98 logical drive is using FAT32, and you want Windows NT to be able to access 
the data files on this logical drive. Using the Internet, look for third-party software that will 
allow Windows NT to read from and write to FAT32 volumes. Answer these questions: 


1. What software allows Windows NT to read FAT32 volumes? How much does it cost? 
What URL did you use to answer the question? 


2. What software allows Windows NT to read from and write to FAT32 volumes? How 
much does it cost? What URL did you use to answer the question? 


